Unrated severityNVD Advisory· Published Oct 10, 2014· Updated Jun 17, 2026
CVE-2014-5270
CVE-2014-5270
Description
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
11cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*+ 9 more
- cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*range: <=1.5.3
- cpe:2.3:a:gnupg:libgcrypt:1.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnupg:libgcrypt:1.5.2:*:*:*:*:*:*:*
- (no CPE)range: <1.5.4
Patches
Vulnerability mechanics
References
5- lists.gnupg.org/pipermail/gnupg-announce/2014q3/000352.htmlnvdPatchVendor Advisory
- openwall.com/lists/oss-security/2014/08/16/2nvdMailing ListThird Party Advisory
- www.debian.org/security/2014/dsa-3073nvdThird Party Advisory
- www.cs.tau.ac.il/~tromer/handsoff/nvdTechnical Description
- www.debian.org/security/2014/dsa-3024nvd
News mentions
0No linked articles in our index yet.