View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2014-3591 severity moderate: SUSE including 334 source package names (0.9.1:libgcrypt20-1.6.1-13.1, 1.0.0:libgcrypt20-1.6.1-13.1, …), 425 product×package rows across 93 product lines (Container caasp/v4/default-http-backend, Container caasp/v4/dnsmasq-nanny, … (93 product lines)): Fixed 259, Known Affected 157, Known Not Affected 9.
Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.