Unrated severityNVD Advisory· Published Oct 10, 2014· Updated May 6, 2026

CVE-2014-5270

Description

Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.

Affected products

Gnupg/Libgcrypt9 versions
cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*+ 8 more
- cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*range: <=1.5.3
- cpe:2.3:a:gnupg:libgcrypt:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.5.2:*:*:*:*:*:*:*
Debian/Debian Linux
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.htmlnvdPatchVendor Advisory
openwall.com/lists/oss-security/2014/08/16/2nvdMailing ListThird Party Advisory
www.debian.org/security/2014/dsa-3073nvdThird Party Advisory
www.cs.tau.ac.il/~tromer/handsoff/nvdTechnical Description
www.debian.org/security/2014/dsa-3024nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000