PT-2013-1197 · Gnu+2 · Gnupg+2
Adi Shamir +2 · Published 2013-12-20 · Updated 2017-08-29 · CVE-2013-4576
CVSS v2.0: 5.8 (Medium)
| Vector | AV:N/AC:M/Au:N/C:N/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
GnuPG versions 1.4.5 through 1.4.15
Description
The issue allows attackers to extract RSA keys via a chosen-ciphertext attack and acoustic cryptanalysis during decryption. This can be exploited remotely and may lead to a violation of the confidentiality and integrity of protected information. The vulnerability is related to the generation of RSA keys using sequences of introductions with certain patterns, which introduces a side channel.
Recommendations
For GnuPG versions 1.4.5 through 1.4.15, update to version 1.4.16 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information and physical devices to minimize the risk of exploitation. Avoid using the vulnerable GnuPG versions for sensitive operations until the issue is resolved.
Affected Products
Alt Linux
Gnupg
Red Hat