Unrated severityNVD Advisory· Published Feb 14, 2014· Updated Apr 29, 2026

CVE-2014-1921

Description

parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors.

Affected products

Parcimonie Project/Parcimonie4 versions
cpe:2.3:a:parcimonie_project:parcimonie:*:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:a:parcimonie_project:parcimonie:*:*:*:*:*:*:*:*range: <=0.7.1-1
- cpe:2.3:a:parcimonie_project:parcimonie:0.6-1:*:*:*:*:*:*:*
- cpe:2.3:a:parcimonie_project:parcimonie:0.6-3:*:*:*:*:*:*:*
- cpe:2.3:a:parcimonie_project:parcimonie:0.7-1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

gaffer.ptitcanardnoir.org/intrigeri/files/parcimonie/App-Parcimonie-0.8.1.tar.gznvdPatch
seclists.org/oss-sec/2014/q1/305nvd
seclists.org/oss-sec/2014/q1/308nvd
www.debian.org/security/2014/dsa-2860nvd
www.securityfocus.com/bid/65505nvd
bugs.debian.org/cgi-bin/bugreport.cginvd
exchange.xforce.ibmcloud.com/vulnerabilities/91118nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000