CVE-2013-4242

N/A Unknown
Published: August 19, 2013 Modified: April 29, 2026
View on NVD

Description

GnuPG before 1.4.14, and Libgcrypt before 1.5.3 as used in GnuPG 2.0.x and possibly other products, allows local users to obtain private RSA keys via a cache side-channel attack involving the L3 cache, aka Flush+Reload.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

Login to generate AI explanation

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880
Source: secalert@redhat.com
http://eprint.iacr.org/2013/448
Source: secalert@redhat.com
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Source: secalert@redhat.com
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
Source: secalert@redhat.com
http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html
Source: secalert@redhat.com
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1457.html
Source: secalert@redhat.com
http://secunia.com/advisories/54318
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/54321
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/54332
Source: secalert@redhat.com
Vendor Advisory
http://secunia.com/advisories/54375
Source: secalert@redhat.com
Vendor Advisory
http://www.debian.org/security/2013/dsa-2730
Source: secalert@redhat.com
http://www.debian.org/security/2013/dsa-2731
Source: secalert@redhat.com
http://www.kb.cert.org/vuls/id/976534
Source: secalert@redhat.com
US Government Resource
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Source: secalert@redhat.com
http://www.securityfocus.com/bid/61464
Source: secalert@redhat.com
http://www.ubuntu.com/usn/USN-1923-1
Source: secalert@redhat.com
Vendor Advisory
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=717880
Source: af854a3a-2127-422b-91ae-364da2661108
http://eprint.iacr.org/2013/448
Source: af854a3a-2127-422b-91ae-364da2661108
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.gnupg.org/pipermail/gnupg-announce/2013q3/000330.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://lists.opensuse.org/opensuse-updates/2013-08/msg00003.html
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://rhn.redhat.com/errata/RHSA-2013-1457.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://secunia.com/advisories/54318
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/54321
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/54332
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://secunia.com/advisories/54375
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.debian.org/security/2013/dsa-2730
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.debian.org/security/2013/dsa-2731
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.kb.cert.org/vuls/id/976534
Source: af854a3a-2127-422b-91ae-364da2661108
US Government Resource
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.securityfocus.com/bid/61464
Source: af854a3a-2127-422b-91ae-364da2661108
http://www.ubuntu.com/usn/USN-1923-1
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

32 reference(s) from NVD

Quick Stats

CVSS v3 Score
N/A / 10.0
EPSS (Exploit Probability)
0.1%
26th percentile
Exploitation Status
Not in CISA KEV

Weaknesses (CWE)

CWE-200

Affected Vendors

debian canonical gnupg opensuse

Related CVEs

CVE-2026-8108 7.8
CVE-2026-5371 7.1
CVE-2026-44548 8.1
CVE-2026-44547 9.6
CVE-2026-44352 N/A