CVE-2018-6594

Published: 3 February 2018

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in the face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package: pycryptodome (Launchpad, Ubuntu, Debian)

Release    Status
artful     Ignored (reached end-of-life)
bionic     Released (3.4.7-1ubuntu1)
precise    Does not exist
trusty     Does not exist
upstream   Needs triage
xenial     Does not exist

Package: python-crypto (Launchpad, Ubuntu, Debian)

Release    Status
artful     Released (2.6.1-7ubuntu0.1)
bionic     Released (2.6.1-8ubuntu2)
precise    Released (2.4.1-1ubuntu0.3)
trusty     Released (2.6.1-4ubuntu0.3)
upstream   Needs triage
xenial     Released (2.6.1-6ubuntu0.16.04.3)