cve-2013-4576
Vulnerability from cvelistv5
Published
2013-12-20 21:00
Modified
2024-08-06 16:45
Severity ?
Summary
GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.
References
secalert@redhat.comhttp://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.htmlPatch, Vendor Advisory
secalert@redhat.comhttp://osvdb.org/101170
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2014-0016.html
secalert@redhat.comhttp://seclists.org/oss-sec/2013/q4/520
secalert@redhat.comhttp://seclists.org/oss-sec/2013/q4/523
secalert@redhat.comhttp://www.cs.tau.ac.il/~tromer/acoustic/
secalert@redhat.comhttp://www.debian.org/security/2013/dsa-2821
secalert@redhat.comhttp://www.securityfocus.com/bid/64424
secalert@redhat.comhttp://www.securitytracker.com/id/1029513
secalert@redhat.comhttp://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-2059-1
secalert@redhat.comhttps://exchange.xforce.ibmcloud.com/vulnerabilities/89846
af854a3a-2127-422b-91ae-364da2661108http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.htmlPatch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/101170
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2014-0016.html
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2013/q4/520
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/oss-sec/2013/q4/523
af854a3a-2127-422b-91ae-364da2661108http://www.cs.tau.ac.il/~tromer/acoustic/
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2013/dsa-2821
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/64424
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id/1029513
af854a3a-2127-422b-91ae-364da2661108http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-2059-1
af854a3a-2127-422b-91ae-364da2661108https://exchange.xforce.ibmcloud.com/vulnerabilities/89846
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-06T16:45:14.839Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "64424",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/64424",
               },
               {
                  name: "USN-2059-1",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_UBUNTU",
                     "x_transferred",
                  ],
                  url: "http://www.ubuntu.com/usn/USN-2059-1",
               },
               {
                  name: "101170",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/101170",
               },
               {
                  name: "[gnupg-devel] 20131218 [Announce] [security fix] GnuPG 1.4.16 released",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html",
               },
               {
                  name: "RHSA-2014:0016",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_REDHAT",
                     "x_transferred",
                  ],
                  url: "http://rhn.redhat.com/errata/RHSA-2014-0016.html",
               },
               {
                  name: "1029513",
                  tags: [
                     "vdb-entry",
                     "x_refsource_SECTRACK",
                     "x_transferred",
                  ],
                  url: "http://www.securitytracker.com/id/1029513",
               },
               {
                  name: "gunpg-cve20134576-info-disclosure(89846)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89846",
               },
               {
                  name: "DSA-2821",
                  tags: [
                     "vendor-advisory",
                     "x_refsource_DEBIAN",
                     "x_transferred",
                  ],
                  url: "http://www.debian.org/security/2013/dsa-2821",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf",
               },
               {
                  name: "[oss-security] 20131218 Re: GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/oss-sec/2013/q4/523",
               },
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.cs.tau.ac.il/~tromer/acoustic/",
               },
               {
                  name: "[oss-security] 20131218 GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)",
                  tags: [
                     "mailing-list",
                     "x_refsource_MLIST",
                     "x_transferred",
                  ],
                  url: "http://seclists.org/oss-sec/2013/q4/520",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2013-12-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-28T12:57:01",
            orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
            shortName: "redhat",
         },
         references: [
            {
               name: "64424",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/64424",
            },
            {
               name: "USN-2059-1",
               tags: [
                  "vendor-advisory",
                  "x_refsource_UBUNTU",
               ],
               url: "http://www.ubuntu.com/usn/USN-2059-1",
            },
            {
               name: "101170",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/101170",
            },
            {
               name: "[gnupg-devel] 20131218 [Announce] [security fix] GnuPG 1.4.16 released",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html",
            },
            {
               name: "RHSA-2014:0016",
               tags: [
                  "vendor-advisory",
                  "x_refsource_REDHAT",
               ],
               url: "http://rhn.redhat.com/errata/RHSA-2014-0016.html",
            },
            {
               name: "1029513",
               tags: [
                  "vdb-entry",
                  "x_refsource_SECTRACK",
               ],
               url: "http://www.securitytracker.com/id/1029513",
            },
            {
               name: "gunpg-cve20134576-info-disclosure(89846)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89846",
            },
            {
               name: "DSA-2821",
               tags: [
                  "vendor-advisory",
                  "x_refsource_DEBIAN",
               ],
               url: "http://www.debian.org/security/2013/dsa-2821",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf",
            },
            {
               name: "[oss-security] 20131218 Re: GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://seclists.org/oss-sec/2013/q4/523",
            },
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.cs.tau.ac.il/~tromer/acoustic/",
            },
            {
               name: "[oss-security] 20131218 GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)",
               tags: [
                  "mailing-list",
                  "x_refsource_MLIST",
               ],
               url: "http://seclists.org/oss-sec/2013/q4/520",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "secalert@redhat.com",
               ID: "CVE-2013-4576",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "64424",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/64424",
                  },
                  {
                     name: "USN-2059-1",
                     refsource: "UBUNTU",
                     url: "http://www.ubuntu.com/usn/USN-2059-1",
                  },
                  {
                     name: "101170",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/101170",
                  },
                  {
                     name: "[gnupg-devel] 20131218 [Announce] [security fix] GnuPG 1.4.16 released",
                     refsource: "MLIST",
                     url: "http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html",
                  },
                  {
                     name: "RHSA-2014:0016",
                     refsource: "REDHAT",
                     url: "http://rhn.redhat.com/errata/RHSA-2014-0016.html",
                  },
                  {
                     name: "1029513",
                     refsource: "SECTRACK",
                     url: "http://www.securitytracker.com/id/1029513",
                  },
                  {
                     name: "gunpg-cve20134576-info-disclosure(89846)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/89846",
                  },
                  {
                     name: "DSA-2821",
                     refsource: "DEBIAN",
                     url: "http://www.debian.org/security/2013/dsa-2821",
                  },
                  {
                     name: "http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf",
                     refsource: "MISC",
                     url: "http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf",
                  },
                  {
                     name: "[oss-security] 20131218 Re: GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)",
                     refsource: "MLIST",
                     url: "http://seclists.org/oss-sec/2013/q4/523",
                  },
                  {
                     name: "http://www.cs.tau.ac.il/~tromer/acoustic/",
                     refsource: "MISC",
                     url: "http://www.cs.tau.ac.il/~tromer/acoustic/",
                  },
                  {
                     name: "[oss-security] 20131218 GnuPG 1.4.16 fixes RSA key extraction via acoustic side channel (CVE-2013-4576)",
                     refsource: "MLIST",
                     url: "http://seclists.org/oss-sec/2013/q4/520",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749",
      assignerShortName: "redhat",
      cveId: "CVE-2013-4576",
      datePublished: "2013-12-20T21:00:00",
      dateReserved: "2013-06-12T00:00:00",
      dateUpdated: "2024-08-06T16:45:14.839Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      fkie_nvd: {
         configurations: "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"1.4.15\", \"matchCriteriaId\": \"3A287B57-D002-4A42-96F1-E1F701F9762C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B6863306-F7B8-47D9-8FF9-4340FC6D718F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BA95D254-1D85-4523-9DF2-8A07BF05573E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9E24FB9C-1CA9-4A1B-8AF6-06B3C1865EF0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D07D0653-4538-47D8-AB8F-0A23D65F0AE0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"95E18355-65AF-4DB4-B6B2-431D7788FF23\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.4:-:win32:*:*:*:*:*\", \"matchCriteriaId\": \"0E61804F-21BA-4850-B859-D69C80F37FFC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"88C40692-FE9F-48D6-9AEB-5F35FA369980\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.5:-:win32:*:*:*:*:*\", \"matchCriteriaId\": \"585F51C8-2FDC-46CE-9F71-ED9EE2ADA472\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"18395DAB-24DA-4ABD-ABD8-38A49417B052\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.0.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6228E3FF-5EB4-4F46-9EA8-1B114947994D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"96DEF388-2B09-4212-8AF5-9FE54CCAFEC8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"1A798490-741B-4EB4-B1D9-353A181A7AA2\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.1:windows:*:*:*:*:*:*\", \"matchCriteriaId\": \"F781A379-57DF-4D1E-8B85-4FD637E4B967\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8466E9BD-5623-40EE-A604-0F29C3520B63\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"4E98B61C-7093-4251-B1D8-59B647C2DF6B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6F9FCAC0-08D1-4044-A506-4AC14BF381CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"545E4C50-229D-4B27-9DB2-9D1204451A9E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D50A16A8-9C96-47CB-B18B-AE79C754ABBC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.2.7:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"08877372-B7DD-4543-84A8-C40D2BA100F1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7135BE6C-E797-4C41-BCD5-161DC7561433\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E909F1D4-AFB1-43F3-9635-E318D64099B4\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DB4AAE4C-3F59-46D3-A38E-CC5DFCBEC3DF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"688CDCA9-2809-4C0E-9DBC-133F48D56BEA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"564B521B-3C7C-46CF-94E8-A368AF81DA54\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FC04BFA0-C7B0-4F70-9676-8156C9CE18AE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.90:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9F43CE80-06BC-4448-9033-F2F88663C527\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.91:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"A7181202-BC32-4F1E-9EF8-F544CCDA1671\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.92:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F55827F8-CC36-45DA-8F9E-1F520911EB12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.3.93:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CCEAA5DF-33D1-4D4A-BA01-4BC863DBC272\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"365FF476-1FFD-4E09-900C-50E0660766AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"28374619-966D-4F38-B83E-A6296F27CC05\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"22A28CDF-F2AF-4D49-9FB1-AED34A758289\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"6399A22D-90DF-4CB5-9367-0C5242BD1A2B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"D63B0B4A-3998-4A4F-AD7A-BB8CEBE897B9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"FDA6934A-3D02-4749-A147-BE538C0AF27F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.6:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8B238CA5-3B4D-4D6A-92CA-39A7CD57AF40\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DC6150E3-1D7C-44DA-BA57-35AB26F881B1\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"3EB20A34-5E11-4D70-B3DE-66DD9863AE0D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CA47467D-3D96-46DB-B0AC-D28586829710\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"68B68F2F-0718-4C87-9629-4657DC49EECC\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"69D492F9-2064-488A-BD16-99DD865D2BF6\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:gnupg:gnupg:1.4.14:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"B4929286-63C2-45D0-B0C7-E14438D82883\"}]}]}]",
         descriptions: "[{\"lang\": \"en\", \"value\": \"GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.\"}, {\"lang\": \"es\", \"value\": \"GnuPG 1.x anteriores a 1.4.16 genera claves RSA utilizando secuencias de introducciones con ciertos patrones que introducen un ataque de canal lateral, lo cual permite a atacantes f\\u00edsicamente pr\\u00f3ximos extraer claves RSA a trav\\u00e9s de un ataque de texto cifrado elegido y criptoan\\u00e1lisis ac\\u00fastico durante el descifrado. NOTA: normalmente no se espera de las aplicaciones que se protejan ante ataques laterales ac\\u00fasticos, dado que esto es responsabilidad del dispositivo f\\u00edsico. De esta manera, problemas de este tipo no recibir\\u00e1n normalmente un identificador CVE. En cualquier caso, para este problema, el desarrollador a especificado una pol\\u00edtica de seguridad en la cual GnuPG deber\\u00eda ofrecer resistencia ante cnales laterales, y violaciones de pol\\u00edticas de seguridad espec\\u00edficas para los desarrolladores est\\u00e1n dentro del \\u00e1mbito de CVE.\"}]",
         id: "CVE-2013-4576",
         lastModified: "2024-11-21T01:55:51.773",
         metrics: "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:N/A:N\", \"baseScore\": 2.1, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"LOW\", \"exploitabilityScore\": 3.9, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
         published: "2013-12-20T21:55:06.930",
         references: "[{\"url\": \"http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/101170\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-0016.html\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://seclists.org/oss-sec/2013/q4/520\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://seclists.org/oss-sec/2013/q4/523\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.cs.tau.ac.il/~tromer/acoustic/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.debian.org/security/2013/dsa-2821\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securityfocus.com/bid/64424\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.securitytracker.com/id/1029513\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2059-1\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/89846\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"http://osvdb.org/101170\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://rhn.redhat.com/errata/RHSA-2014-0016.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/oss-sec/2013/q4/520\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://seclists.org/oss-sec/2013/q4/523\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.cs.tau.ac.il/~tromer/acoustic/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.debian.org/security/2013/dsa-2821\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/64424\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securitytracker.com/id/1029513\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.ubuntu.com/usn/USN-2059-1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/89846\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
         sourceIdentifier: "secalert@redhat.com",
         vulnStatus: "Modified",
         weaknesses: "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-255\"}]}]",
      },
      nvd: "{\"cve\":{\"id\":\"CVE-2013-4576\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2013-12-20T21:55:06.930\",\"lastModified\":\"2024-11-21T01:55:51.773\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"GnuPG 1.x before 1.4.16 generates RSA keys using sequences of introductions with certain patterns that introduce a side channel, which allows physically proximate attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. NOTE: applications are not typically expected to protect themselves from acoustic side-channel attacks, since this is arguably the responsibility of the physical device. Accordingly, issues of this type would not normally receive a CVE identifier. However, for this issue, the developer has specified a security policy in which GnuPG should offer side-channel resistance, and developer-specified security-policy violations are within the scope of CVE.\"},{\"lang\":\"es\",\"value\":\"GnuPG 1.x anteriores a 1.4.16 genera claves RSA utilizando secuencias de introducciones con ciertos patrones que introducen un ataque de canal lateral, lo cual permite a atacantes físicamente próximos extraer claves RSA a través de un ataque de texto cifrado elegido y criptoanálisis acústico durante el descifrado. NOTA: normalmente no se espera de las aplicaciones que se protejan ante ataques laterales acústicos, dado que esto es responsabilidad del dispositivo físico. De esta manera, problemas de este tipo no recibirán normalmente un identificador CVE. En cualquier caso, para este problema, el desarrollador a especificado una política de seguridad en la cual GnuPG debería ofrecer resistencia ante cnales laterales, y violaciones de políticas de seguridad específicas para los desarrolladores están dentro del ámbito de CVE.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-255\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"1.4.15\",\"matchCriteriaId\":\"3A287B57-D002-4A42-96F1-E1F701F9762C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B6863306-F7B8-47D9-8FF9-4340FC6D718F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BA95D254-1D85-4523-9DF2-8A07BF05573E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9E24FB9C-1CA9-4A1B-8AF6-06B3C1865EF0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D07D0653-4538-47D8-AB8F-0A23D65F0AE0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"95E18355-65AF-4DB4-B6B2-431D7788FF23\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.4:-:win32:*:*:*:*:*\",\"matchCriteriaId\":\"0E61804F-21BA-4850-B859-D69C80F37FFC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"88C40692-FE9F-48D6-9AEB-5F35FA369980\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.5:-:win32:*:*:*:*:*\",\"matchCriteriaId\":\"585F51C8-2FDC-46CE-9F71-ED9EE2ADA472\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"18395DAB-24DA-4ABD-ABD8-38A49417B052\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.0.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6228E3FF-5EB4-4F46-9EA8-1B114947994D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"96DEF388-2B09-4212-8AF5-9FE54CCAFEC8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1A798490-741B-4EB4-B1D9-353A181A7AA2\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.1:windows:*:*:*:*:*:*\",\"matchCriteriaId\":\"F781A379-57DF-4D1E-8B85-4FD637E4B967\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8466E9BD-5623-40EE-A604-0F29C3520B63\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4E98B61C-7093-4251-B1D8-59B647C2DF6B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F9FCAC0-08D1-4044-A506-4AC14BF381CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"545E4C50-229D-4B27-9DB2-9D1204451A9E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D50A16A8-9C96-47CB-B18B-AE79C754ABBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.2.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08877372-B7DD-4543-84A8-C40D2BA100F1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7135BE6C-E797-4C41-BCD5-161DC7561433\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E909F1D4-AFB1-43F3-9635-E318D64099B4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DB4AAE4C-3F59-46D3-A38E-CC5DFCBEC3DF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"688CDCA9-2809-4C0E-9DBC-133F48D56BEA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"564B521B-3C7C-46CF-94E8-A368AF81DA54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FC04BFA0-C7B0-4F70-9676-8156C9CE18AE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.90:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9F43CE80-06BC-4448-9033-F2F88663C527\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.91:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A7181202-BC32-4F1E-9EF8-F544CCDA1671\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.92:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F55827F8-CC36-45DA-8F9E-1F520911EB12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.3.93:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CCEAA5DF-33D1-4D4A-BA01-4BC863DBC272\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"365FF476-1FFD-4E09-900C-50E0660766AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"28374619-966D-4F38-B83E-A6296F27CC05\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"22A28CDF-F2AF-4D49-9FB1-AED34A758289\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6399A22D-90DF-4CB5-9367-0C5242BD1A2B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D63B0B4A-3998-4A4F-AD7A-BB8CEBE897B9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FDA6934A-3D02-4749-A147-BE538C0AF27F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8B238CA5-3B4D-4D6A-92CA-39A7CD57AF40\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC6150E3-1D7C-44DA-BA57-35AB26F881B1\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"3EB20A34-5E11-4D70-B3DE-66DD9863AE0D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.11:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CA47467D-3D96-46DB-B0AC-D28586829710\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.12:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"68B68F2F-0718-4C87-9629-4657DC49EECC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"69D492F9-2064-488A-BD16-99DD865D2BF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:gnupg:gnupg:1.4.14:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B4929286-63C2-45D0-B0C7-E14438D82883\"}]}]}],\"references\":[{\"url\":\"http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/101170\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0016.html\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/oss-sec/2013/q4/520\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://seclists.org/oss-sec/2013/q4/523\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.cs.tau.ac.il/~tromer/acoustic/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.debian.org/security/2013/dsa-2821\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securityfocus.com/bid/64424\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.securitytracker.com/id/1029513\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2059-1\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/89846\",\"source\":\"secalert@redhat.com\"},{\"url\":\"http://lists.gnupg.org/pipermail/gnupg-devel/2013-December/028102.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"http://osvdb.org/101170\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://rhn.redhat.com/errata/RHSA-2014-0016.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/oss-sec/2013/q4/520\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://seclists.org/oss-sec/2013/q4/523\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.cs.tau.ac.il/~tromer/acoustic/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.debian.org/security/2013/dsa-2821\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/64424\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securitytracker.com/id/1029513\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.tau.ac.il/~tromer/papers/acoustic-20131218.pdf\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.ubuntu.com/usn/USN-2059-1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/89846\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}",
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.