CVE-2014-3591
Description
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 are vulnerable to a side-channel attack on Elgamal decryption, allowing physical attackers to recover the private key.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Libgcrypt versions before 1.6.3 and GnuPG before 1.4.19 do not implement ciphertext blinding during Elgamal decryption [1][2]. This missing countermeasure leaves the multiplication operation susceptible to side-channel analysis via electromagnetic emanations.
Exploitation
An attacker with physical proximity to the device performing Elgamal decryption can capture electromagnetic field fluctuations. By crafting specific ciphertexts and analyzing the EM traces, the attacker can extract secret key material.
Impact
Successful exploitation allows the attacker to recover the server's private Elgamal key, leading to compromise of all encrypted communications and signatures.
Mitigation
The issue is fixed in Libgcrypt 1.6.3 and GnuPG 1.4.19 [1][2]. Users should update to these versions or later. No workaround is available for unpatched versions.
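The Vulnerability and Mitigation sections above describe the countermeasure only by name. The following added example (not code from Libgcrypt or GnuPG, and using toy parameters rather than a real key) shows the two decryption shapes side by side: the unblinded path applies the secret exponent x directly to c1, a value the sender chose, while the blinded path applies it to a randomized value and removes the blinding factor afterwards. The `secret_exp` wrapper and its `trace` list are instrumentation added here so the two paths can be compared; the blinding arithmetic is the standard ciphertext-blinding construction and is assumed, not copied from the Libgcrypt fix.

```python
import secrets

# Toy public parameters (constructed for the example). A real GnuPG Elgamal key
# uses a large prime and generator chosen at key generation time.
P = 2**127 - 1   # Mersenne prime M127, used here as the group modulus
G = 3            # group element used as the base


def secret_exp(base, x, p, trace=None):
    """The secret-exponent operation whose modular multiplications leak.

    `trace`, if given, records the base handed to this operation so the
    unblinded and blinded decryption paths can be compared.
    """
    if trace is not None:
        trace.append(base % p)
    return pow(base, x, p)


def keygen(p=P, g=G):
    """Return (private x, public y = g^x mod p)."""
    x = secrets.randbelow(p - 2) + 1
    return x, pow(g, x, p)


def encrypt(m, y, p=P, g=G):
    """Textbook Elgamal: (c1, c2) = (g^k, m * y^k) mod p."""
    k = secrets.randbelow(p - 2) + 1
    return pow(g, k, p), (m * pow(y, k, p)) % p


def decrypt_unblinded(c1, c2, x, p=P, trace=None):
    """Vulnerable shape: x is applied straight to the sender-chosen c1.

    A chosen c1 therefore dictates the operand values of every modular
    multiplication in the exponentiation, which is what the EM analysis
    of the unpatched versions relied on.
    """
    s = secret_exp(c1, x, p, trace)          # c1^x
    return (c2 * pow(s, -1, p)) % p          # m = c2 * c1^-x


def decrypt_blinded(c1, c2, x, p=P, trace=None):
    """Countermeasure shape (ciphertext blinding).

    Multiply c1 by a fresh random r before the secret exponentiation, so the
    exponentiated value is unpredictable to the sender, then cancel r^x.
    """
    r = secrets.randbelow(p - 2) + 2          # r in [2, p-1], never 1
    t = (c1 * r) % p                          # blinded ciphertext
    s = secret_exp(t, x, p, trace)            # (c1 * r)^x
    s_inv = pow(s, -1, p)                     # (c1 * r)^-x
    unblind = secret_exp(r, x, p, trace)      # r^x, on random data only
    return (c2 * s_inv * unblind) % p         # c2 * c1^-x * r^-x * r^x


if __name__ == "__main__":
    x, y = keygen()
    message = 0x1234_5678_9abc_def0
    c1, c2 = encrypt(message, y)
    seen_unblinded, seen_blinded = [], []
    assert decrypt_unblinded(c1, c2, x, trace=seen_unblinded) == message
    assert decrypt_blinded(c1, c2, x, trace=seen_blinded) == message
    print("unblinded path exponentiated c1 itself:", seen_unblinded == [c1])
    print("blinded path exponentiated c1 itself:  ", c1 in seen_blinded)
```

Both paths return the same plaintext; the difference is only in what the secret exponentiation operates on. Because r is drawn from [2, p-1], the blinded value c1 * r mod p can never equal c1, so the sender loses control over the operand values of the leaking operation, which is the property the Libgcrypt 1.6.3 and GnuPG 1.4.19 releases restore.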
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
OSV coordinates, 14 version ranges (no CPE):
- pkg:rpm/opensuse/libgcrypt, openSUSE Tumbleweed: < 1.7.3-1.3
- pkg:rpm/suse/libgcrypt, SUSE Linux Enterprise Desktop 11 SP3: < 1.5.0-0.19.1
- pkg:rpm/suse/libgcrypt, SUSE Linux Enterprise Desktop 11 SP4: < 1.5.0-0.19.1
- pkg:rpm/suse/libgcrypt, SUSE Linux Enterprise Desktop 12: < 1.6.1-13.1
- pkg:rpm/suse/libgcrypt, SUSE Linux Enterprise Server 11 SP3: < 1.5.0-0.19.1
- pkg:rpm/suse/libgcrypt, SUSE Linux Enterprise Server 11 SP3-TERADATA: < 1.5.0-0.19.1
- pkg:rpm/suse/libgcrypt, SUSE Linux Enterprise Server 11 SP4: < 1.5.0-0.19.1
- pkg:rpm/suse/libgcrypt, SUSE Linux Enterprise Server 12: < 1.6.1-13.1
- pkg:rpm/suse/libgcrypt, SUSE Linux Enterprise Server for SAP Applications 11 SP3: < 1.5.0-0.19.1
- pkg:rpm/suse/libgcrypt, SUSE Linux Enterprise Server for SAP Applications 11 SP4: < 1.5.0-0.19.1
- pkg:rpm/suse/libgcrypt, SUSE Linux Enterprise Server for SAP Applications 12: < 1.6.1-13.1
- pkg:rpm/suse/libgcrypt, SUSE Linux Enterprise Software Development Kit 11 SP3: < 1.5.0-0.19.1
- pkg:rpm/suse/libgcrypt, SUSE Linux Enterprise Software Development Kit 11 SP4: < 1.5.0-0.19.1
- pkg:rpm/suse/libgcrypt, SUSE Linux Enterprise Software Development Kit 12: < 1.6.1-13.1
CVE v5 ranges:
- GNU/GnuPG: before 1.4.19
- GNU/Libgcrypt: before 1.6.3
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
- www.cs.tau.ac.il/~tromer/radioexp/
- www.debian.org/security/2015/dsa-3184
- www.debian.org/security/2015/dsa-3185
- lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html
- lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html
News mentions
No linked articles in our index yet.