What is the severity of CVE-2013-4242?

CVE-2013-4242 has a high severity rating due to its potential to allow local users to obtain private RSA keys through a cache side-channel attack.

How do I fix CVE-2013-4242?

To mitigate CVE-2013-4242, update GnuPG to version 1.4.14 or later and Libgcrypt to version 1.5.3 or later.

What versions of GnuPG are affected by CVE-2013-4242?

GnuPG versions prior to 1.4.14 are affected by CVE-2013-4242.

What operating systems are impacted by CVE-2013-4242?

CVE-2013-4242 impacts various versions of Ubuntu, Debian, and openSUSE that utilize affected versions of GnuPG and Libgcrypt.

Is CVE-2013-4242 a remote or local vulnerability?

CVE-2013-4242 is a local vulnerability that can be exploited by local users on the affected system.

Vulnerability/
CVE-2013-4242

low

1.9

CWE

200

19/8/2013

6/8/2024

CVE-2013-4242: Infoleak

First published: Mon Aug 19 2013(Updated: )

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

Credit: secalert@redhat.com

Affected Software	Affected Version	How to fix
Ubuntu	=10.04
Ubuntu	=12.04
Ubuntu	=12.10
Ubuntu	=13.04
Debian	=6.0
Debian	=7.0
GnuPG 2 (Gnu Privacy Guard)	<=1.4.13
GnuPG 2 (Gnu Privacy Guard)	=0.0.0
GnuPG 2 (Gnu Privacy Guard)	=0.2.15
GnuPG 2 (Gnu Privacy Guard)	=0.2.16
GnuPG 2 (Gnu Privacy Guard)	=0.2.17
GnuPG 2 (Gnu Privacy Guard)	=0.2.18
GnuPG 2 (Gnu Privacy Guard)	=0.2.19
GnuPG 2 (Gnu Privacy Guard)	=0.3.0
GnuPG 2 (Gnu Privacy Guard)	=0.3.1
GnuPG 2 (Gnu Privacy Guard)	=0.3.2
GnuPG 2 (Gnu Privacy Guard)	=0.3.3
GnuPG 2 (Gnu Privacy Guard)	=0.3.4
GnuPG 2 (Gnu Privacy Guard)	=0.3.5
GnuPG 2 (Gnu Privacy Guard)	=0.4.0
GnuPG 2 (Gnu Privacy Guard)	=0.4.1
GnuPG 2 (Gnu Privacy Guard)	=0.4.3
GnuPG 2 (Gnu Privacy Guard)	=0.4.4
GnuPG 2 (Gnu Privacy Guard)	=0.4.5
GnuPG 2 (Gnu Privacy Guard)	=0.9.0
GnuPG 2 (Gnu Privacy Guard)	=0.9.1
GnuPG 2 (Gnu Privacy Guard)	=0.9.2
GnuPG 2 (Gnu Privacy Guard)	=0.9.3
GnuPG 2 (Gnu Privacy Guard)	=0.9.4
GnuPG 2 (Gnu Privacy Guard)	=0.9.5
GnuPG 2 (Gnu Privacy Guard)	=0.9.6
GnuPG 2 (Gnu Privacy Guard)	=0.9.7
GnuPG 2 (Gnu Privacy Guard)	=0.9.8
GnuPG 2 (Gnu Privacy Guard)	=0.9.9
GnuPG 2 (Gnu Privacy Guard)	=0.9.10
GnuPG 2 (Gnu Privacy Guard)	=0.9.11
GnuPG 2 (Gnu Privacy Guard)	=1.0.0
GnuPG 2 (Gnu Privacy Guard)	=1.0.1
GnuPG 2 (Gnu Privacy Guard)	=1.0.2
GnuPG 2 (Gnu Privacy Guard)	=1.0.3
GnuPG 2 (Gnu Privacy Guard)	=1.0.4
GnuPG 2 (Gnu Privacy Guard)	=1.0.4
GnuPG 2 (Gnu Privacy Guard)	=1.0.5
GnuPG 2 (Gnu Privacy Guard)	=1.0.5
GnuPG 2 (Gnu Privacy Guard)	=1.0.6
GnuPG 2 (Gnu Privacy Guard)	=1.0.7
GnuPG 2 (Gnu Privacy Guard)	=1.2.0
GnuPG 2 (Gnu Privacy Guard)	=1.2.1
GnuPG 2 (Gnu Privacy Guard)	=1.2.1-windows
GnuPG 2 (Gnu Privacy Guard)	=1.2.2
GnuPG 2 (Gnu Privacy Guard)	=1.2.3
GnuPG 2 (Gnu Privacy Guard)	=1.2.4
GnuPG 2 (Gnu Privacy Guard)	=1.2.5
GnuPG 2 (Gnu Privacy Guard)	=1.2.6
GnuPG 2 (Gnu Privacy Guard)	=1.2.7
GnuPG 2 (Gnu Privacy Guard)	=1.3.0
GnuPG 2 (Gnu Privacy Guard)	=1.3.1
GnuPG 2 (Gnu Privacy Guard)	=1.3.2
GnuPG 2 (Gnu Privacy Guard)	=1.3.3
GnuPG 2 (Gnu Privacy Guard)	=1.3.4
GnuPG 2 (Gnu Privacy Guard)	=1.3.6
GnuPG 2 (Gnu Privacy Guard)	=1.3.90
GnuPG 2 (Gnu Privacy Guard)	=1.3.91
GnuPG 2 (Gnu Privacy Guard)	=1.3.92
GnuPG 2 (Gnu Privacy Guard)	=1.3.93
GnuPG 2 (Gnu Privacy Guard)	=1.4.0
GnuPG 2 (Gnu Privacy Guard)	=1.4.10
GnuPG 2 (Gnu Privacy Guard)	=1.4.11
GnuPG 2 (Gnu Privacy Guard)	=1.4.12
GnuPG 2 (Gnu Privacy Guard)	=2.0.1
GnuPG 2 (Gnu Privacy Guard)	=2.0.3
GnuPG 2 (Gnu Privacy Guard)	=2.0.4
GnuPG 2 (Gnu Privacy Guard)	=2.0.5
GnuPG 2 (Gnu Privacy Guard)	=2.0.6
GnuPG 2 (Gnu Privacy Guard)	=2.0.7
GnuPG 2 (Gnu Privacy Guard)	=2.0.8
GnuPG 2 (Gnu Privacy Guard)	=2.0.10
GnuPG 2 (Gnu Privacy Guard)	=2.0.11
GnuPG 2 (Gnu Privacy Guard)	=2.0.12
GnuPG 2 (Gnu Privacy Guard)	=2.0.13
GnuPG 2 (Gnu Privacy Guard)	=2.0.14
GnuPG 2 (Gnu Privacy Guard)	=2.0.15
GnuPG 2 (Gnu Privacy Guard)	=2.0.16
GnuPG 2 (Gnu Privacy Guard)	=2.0.17
GnuPG 2 (Gnu Privacy Guard)	=2.0.18
GnuPG 2 (Gnu Privacy Guard)	=2.0.19
Libgcrypt	<=1.5.2
Libgcrypt	=1.4.0
Libgcrypt	=1.4.3
Libgcrypt	=1.4.4
Libgcrypt	=1.4.5
Libgcrypt	=1.4.6
Libgcrypt	=1.5.0
Libgcrypt	=1.5.1
SUSE Linux	=12.2
SUSE Linux	=12.3

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-4242?
CVE-2013-4242 has a high severity rating due to its potential to allow local users to obtain private RSA keys through a cache side-channel attack.
How do I fix CVE-2013-4242?
To mitigate CVE-2013-4242, update GnuPG to version 1.4.14 or later and Libgcrypt to version 1.5.3 or later.
What versions of GnuPG are affected by CVE-2013-4242?
GnuPG versions prior to 1.4.14 are affected by CVE-2013-4242.
What operating systems are impacted by CVE-2013-4242?
CVE-2013-4242 impacts various versions of Ubuntu, Debian, and openSUSE that utilize affected versions of GnuPG and Libgcrypt.
Is CVE-2013-4242 a remote or local vulnerability?
CVE-2013-4242 is a local vulnerability that can be exploited by local users on the affected system.

agent/type
agent/references
agent/author
agent/severity
agent/weakness
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/canonical
canonical/ubuntu
version/ubuntu/10.04
version/ubuntu/12.04
version/ubuntu/12.10
version/ubuntu/13.04
vendor/debian
canonical/debian
version/debian/6.0
version/debian/7.0
vendor/gnupg
canonical/gnupg 2 (gnu privacy guard)
version/gnupg 2 (gnu privacy guard)/1.4.13
version/gnupg 2 (gnu privacy guard)/0.0.0
version/gnupg 2 (gnu privacy guard)/0.2.15
version/gnupg 2 (gnu privacy guard)/0.2.16
version/gnupg 2 (gnu privacy guard)/0.2.17
version/gnupg 2 (gnu privacy guard)/0.2.18
version/gnupg 2 (gnu privacy guard)/0.2.19
version/gnupg 2 (gnu privacy guard)/0.3.0
version/gnupg 2 (gnu privacy guard)/0.3.1
version/gnupg 2 (gnu privacy guard)/0.3.2
version/gnupg 2 (gnu privacy guard)/0.3.3
version/gnupg 2 (gnu privacy guard)/0.3.4
version/gnupg 2 (gnu privacy guard)/0.3.5
version/gnupg 2 (gnu privacy guard)/0.4.0
version/gnupg 2 (gnu privacy guard)/0.4.1
version/gnupg 2 (gnu privacy guard)/0.4.3
version/gnupg 2 (gnu privacy guard)/0.4.4
version/gnupg 2 (gnu privacy guard)/0.4.5
version/gnupg 2 (gnu privacy guard)/0.9.0
version/gnupg 2 (gnu privacy guard)/0.9.1
version/gnupg 2 (gnu privacy guard)/0.9.2
version/gnupg 2 (gnu privacy guard)/0.9.3
version/gnupg 2 (gnu privacy guard)/0.9.4
version/gnupg 2 (gnu privacy guard)/0.9.5
version/gnupg 2 (gnu privacy guard)/0.9.6
version/gnupg 2 (gnu privacy guard)/0.9.7
version/gnupg 2 (gnu privacy guard)/0.9.8
version/gnupg 2 (gnu privacy guard)/0.9.9
version/gnupg 2 (gnu privacy guard)/0.9.10
version/gnupg 2 (gnu privacy guard)/0.9.11
version/gnupg 2 (gnu privacy guard)/1.0.0
version/gnupg 2 (gnu privacy guard)/1.0.1
version/gnupg 2 (gnu privacy guard)/1.0.2
version/gnupg 2 (gnu privacy guard)/1.0.3
version/gnupg 2 (gnu privacy guard)/1.0.4
version/gnupg 2 (gnu privacy guard)/1.0.5
version/gnupg 2 (gnu privacy guard)/1.0.6
version/gnupg 2 (gnu privacy guard)/1.0.7
version/gnupg 2 (gnu privacy guard)/1.2.0
version/gnupg 2 (gnu privacy guard)/1.2.1
version/gnupg 2 (gnu privacy guard)/1.2.1-windows
version/gnupg 2 (gnu privacy guard)/1.2.2
version/gnupg 2 (gnu privacy guard)/1.2.3
version/gnupg 2 (gnu privacy guard)/1.2.4
version/gnupg 2 (gnu privacy guard)/1.2.5
version/gnupg 2 (gnu privacy guard)/1.2.6
version/gnupg 2 (gnu privacy guard)/1.2.7
version/gnupg 2 (gnu privacy guard)/1.3.0
version/gnupg 2 (gnu privacy guard)/1.3.1
version/gnupg 2 (gnu privacy guard)/1.3.2
version/gnupg 2 (gnu privacy guard)/1.3.3
version/gnupg 2 (gnu privacy guard)/1.3.4
version/gnupg 2 (gnu privacy guard)/1.3.6
version/gnupg 2 (gnu privacy guard)/1.3.90
version/gnupg 2 (gnu privacy guard)/1.3.91
version/gnupg 2 (gnu privacy guard)/1.3.92
version/gnupg 2 (gnu privacy guard)/1.3.93
version/gnupg 2 (gnu privacy guard)/1.4.0
version/gnupg 2 (gnu privacy guard)/1.4.10
version/gnupg 2 (gnu privacy guard)/1.4.11
version/gnupg 2 (gnu privacy guard)/1.4.12
version/gnupg 2 (gnu privacy guard)/2.0.1
version/gnupg 2 (gnu privacy guard)/2.0.3
version/gnupg 2 (gnu privacy guard)/2.0.4
version/gnupg 2 (gnu privacy guard)/2.0.5
version/gnupg 2 (gnu privacy guard)/2.0.6
version/gnupg 2 (gnu privacy guard)/2.0.7
version/gnupg 2 (gnu privacy guard)/2.0.8
version/gnupg 2 (gnu privacy guard)/2.0.10
version/gnupg 2 (gnu privacy guard)/2.0.11
version/gnupg 2 (gnu privacy guard)/2.0.12
version/gnupg 2 (gnu privacy guard)/2.0.13
version/gnupg 2 (gnu privacy guard)/2.0.14
version/gnupg 2 (gnu privacy guard)/2.0.15
version/gnupg 2 (gnu privacy guard)/2.0.16
version/gnupg 2 (gnu privacy guard)/2.0.17
version/gnupg 2 (gnu privacy guard)/2.0.18
version/gnupg 2 (gnu privacy guard)/2.0.19
canonical/libgcrypt
version/libgcrypt/1.5.2
version/libgcrypt/1.4.0
version/libgcrypt/1.4.3
version/libgcrypt/1.4.4
version/libgcrypt/1.4.5
version/libgcrypt/1.4.6
version/libgcrypt/1.5.0
version/libgcrypt/1.5.1
vendor/opensuse
canonical/suse linux
version/suse linux/12.2
version/suse linux/12.3