CVE-2018-6829

Published: Feb 7, 2018Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

Affected (1)

Products: Gnupg: Libgcrypt

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnupg Libgcrypt	Up to 1.8.2

Related CWEs

Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

References (8)

https://github.com/weikengchen/attack-on-libgcrypt-elgamal

Source: cve@mitre.org

Third Party Advisory

https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki

Source: cve@mitre.org

ExploitThird Party Advisory

https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2020.html

Source: cve@mitre.org

https://github.com/weikengchen/attack-on-libgcrypt-elgamal

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://www.oracle.com/security-alerts/cpujan2020.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.