AZL-41815

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-41815.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-41815

Upstream

CVE-2014-3591

Published

2019-11-29T22:15:11Z

Modified

2026-04-01T05:14:24.770345Z

Severity

4.2 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

CVE-2014-3591 affecting package grub2 for versions less than 2.06-25

Details

Libgcrypt before 1.6.3 and GnuPG before 1.4.19 does not implement ciphertext blinding for Elgamal decryption, which allows physically proximate attackers to obtain the server's private key by determining factors using crafted ciphertext and the fluctuations in the electromagnetic field during multiplication.

References

https://nvd.nist.gov/vuln/detail/CVE-2014-3591

Affected packages

Azure Linux:3 / grub2

Package

Name: grub2
Purl: pkg:rpm/azure-linux/grub2

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.06-25

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-41815.json"