Vulnerability Details CVE-2014-1921
parcimonie before 0.8.1, when using a large keyring, sleeps for the same amount of time between fetches, which allows attackers to correlate key fetches via unspecified vectors.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://seclists.org/oss-sec/2014/q1/305
- http://seclists.org/oss-sec/2014/q1/308
- http://www.debian.org/security/2014/dsa-2860
- http://www.securityfocus.com/bid/65505
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738134
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91118
- https://gaffer.ptitcanardnoir.org/intrigeri/files/parcimonie/App-Parcimonie-0.8.1.tar.gz
- http://seclists.org/oss-sec/2014/q1/305
- http://seclists.org/oss-sec/2014/q1/308
- http://www.debian.org/security/2014/dsa-2860
- http://www.securityfocus.com/bid/65505
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=738134
- https://exchange.xforce.ibmcloud.com/vulnerabilities/91118
- https://gaffer.ptitcanardnoir.org/intrigeri/files/parcimonie/App-Parcimonie-0.8.1.tar.gz
Products affected by CVE-2014-1921
-
cpe:2.3:a:parcimonie_project:parcimonie:*
-
cpe:2.3:a:parcimonie_project:parcimonie:0.6-1
-
cpe:2.3:a:parcimonie_project:parcimonie:0.6-3
-
cpe:2.3:a:parcimonie_project:parcimonie:0.7-1