{"id":"DEBIAN-CVE-2014-5270","details":"Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers to conduct key-extraction attacks by leveraging the ability to collect voltage data from exposed metal, a different vector than CVE-2013-4576.","modified":"2026-04-28T20:17:17.806014Z","published":"2014-10-10T01:55:10.383Z","upstream":["CVE-2014-5270"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2014-5270"}],"affected":[{"package":{"name":"libgcrypt20","ecosystem":"Debian:11","purl":"pkg:deb/debian/libgcrypt20?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.0-2"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2014-5270.json"}},{"package":{"name":"libgcrypt20","ecosystem":"Debian:12","purl":"pkg:deb/debian/libgcrypt20?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.0-2"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2014-5270.json"}},{"package":{"name":"libgcrypt20","ecosystem":"Debian:13","purl":"pkg:deb/debian/libgcrypt20?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.0-2"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2014-5270.json"}},{"package":{"name":"libgcrypt20","ecosystem":"Debian:14","purl":"pkg:deb/debian/libgcrypt20?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"1.6.0-2"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2014-5270.json"}}],"schema_version":"1.7.5"}