CVE-2014-3591 [Medium] | Information Disclosure in Gnupg

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2025-04-13	0.04%	0.14%	+0.10%
2	2025-03-30	0.11%	0.04%	-0.07%
3	2025-03-29	—	0.11%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2025-04-13

0.04%

0.14%

+0.10%

2025-03-30

0.11%

0.04%

-0.07%

2025-03-29

—

0.11%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.2	3.1	MEDIUM	`CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N` Click to expand Attack vector (AV:P) Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire. Attack complexity (AC:H) Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work. Privileges required (PR:N) No account or special rights needed—anonymous or random user is enough. User interaction (UI:N) Nobody has to click “OK” or open a trap file; it can work without a victim helping. Scope (S:U) Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems. Confidentiality (C:H) Serious risk that confidential data gets exposed in a big way. Integrity (I:N) Data isn’t meaningfully altered or forged. Availability (A:N) Service keeps running; no real outage angle.	0.5	3.6	[email protected]
1.9	2.0	LOW	`AV:L/AC:M/Au:N/C:P/I:N/A:N` Click to expand Access vector (AV:L) Requires local access to the target system. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:P) Partial confidentiality impact. Integrity impact (I:N) No integrity impact. Availability impact (A:N) No availability impact.	3.4	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

4.2

3.1

MEDIUM

CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Click to expand

Attack vector (AV:P): Hands-on access—USB, keyboard, opening the case—not something you do purely over the wire.
Attack complexity (AC:H): Even with access, the exploit needs extra luck, timing, or a fussy environment to actually work.
Privileges required (PR:N): No account or special rights needed—anonymous or random user is enough.
User interaction (UI:N): Nobody has to click “OK” or open a trap file; it can work without a victim helping.
Scope (S:U): Damage stays in the same “trust bubble” as the broken component—no big spill into unrelated systems.
Confidentiality (C:H): Serious risk that confidential data gets exposed in a big way.
Integrity (I:N): Data isn’t meaningfully altered or forged.
Availability (A:N): Service keeps running; no real outage angle.

0.5

3.6

[email protected]

1.9

2.0

LOW

AV:L/AC:M/Au:N/C:P/I:N/A:N Click to expand

Access vector (AV:L): Requires local access to the target system.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:P): Partial confidentiality impact.
Integrity impact (I:N): No integrity impact.
Availability impact (A:N): No availability impact.

3.4

2.9

[email protected]

OS Trackers for CVE-2014-3591

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2014-3591 not yet assigned priority: Debian including 1 source packages (libgcrypt20), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2014-3591
`gentoo`	normal	CVE-2014-3591: 2 GLSA(s) (201606-04, 201610-04), 2 atom(s) (app-crypt/gnupg, dev-libs/libgcrypt); latest impact normal.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2014-3591
`redhat`	low	—	https://access.redhat.com/security/cve/CVE-2014-3591
`suse`	medium	CVE-2014-3591 severity moderate: SUSE including 334 source package names (0.9.1:libgcrypt20-1.6.1-13.1, 1.0.0:libgcrypt20-1.6.1-13.1, …), 425 product×package rows across 93 product lines (Container caasp/v4/default-http-backend, Container caasp/v4/dnsmasq-nanny, … (93 product lines)): Fixed 259, Known Affected 157, Known Not Affected 9.	https://www.suse.com/security/cve/CVE-2014-3591/
`ubuntu`	low	CVE-2014-3591 low priority: Ubuntu including 3 source packages (gnupg, libgcrypt11, libgcrypt20), 15 status rows across 5 suites (lucid, precise, trusty, upstream, utopic): released 12, DNE 2, needed 1.	https://ubuntu.com/security/CVE-2014-3591

Affected software / configurations for CVE-2014-3591

Vendor	Product	Version	Raw CPE
gnupg	gnupg	< 1.4.19	cpe:2.3:a:gnupg:gnupg::::::::
gnupg	libgcrypt	< 1.6.3	cpe:2.3:a:gnupg:libgcrypt::::::::
debian	debian_linux	7.0	cpe:2.3:o:debian:debian_linux:7.0:::::::*
debian	debian_linux	8.0	cpe:2.3:o:debian:debian_linux:8.0:::::::*

References for CVE-2014-3591

URL	Tags
http://www.cs.tau.ac.il/~tromer/radioexp/	Third Party Advisory
http://www.debian.org/security/2015/dsa-3184	Third Party Advisory
http://www.debian.org/security/2015/dsa-3185	Third Party Advisory
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000363.html	Patch Release Notes Vendor Advisory
https://lists.gnupg.org/pipermail/gnupg-announce/2015q1/000364.html	Patch Vendor Advisory

URL

CVE-2014-3591

Exploit prediction scoring system (EPSS) score for CVE-2014-3591

Common vulnerability scoring system (CVSS) metrics for CVE-2014-3591

Weakness enumeration for CVE-2014-3591

OS Trackers for CVE-2014-3591

Affected software / configurations for CVE-2014-3591

References for CVE-2014-3591