Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Information Disclosure
Libgcrypt
Debian Linux
NVD
CVSS 2.0
2.1
EPSS
0.1%
Prev
Page 2 of 2