CVE-2018-6829
Published: 7 February 2018
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
Priority
Medium
CVSS 3 base score: 7.5
Status
| Package | Release | Status |
|---|---|---|
|
gnupg Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| precise |
Not vulnerable
|
|
| trusty |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
|
|
libgcrypt11 Launchpad, Ubuntu, Debian |
artful |
Does not exist
|
| bionic |
Does not exist
|
|
| precise |
Not vulnerable
|
|
| trusty |
Not vulnerable
|
|
| upstream |
Needs triage
|
|
| xenial |
Does not exist
|
|
|
libgcrypt20 Launchpad, Ubuntu, Debian |
artful |
Not vulnerable
|
| bionic |
Not vulnerable
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
(trusty was not-affected)
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
|
Notes
| Author | Note |
|---|---|
| mdeslaur | this is a flaw in applications that misuse libgcrypt as of 2018-05-31, no actionable action in libgcrypt, marking as not-affected |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829
- https://github.com/weikengchen/attack-on-libgcrypt-elgamal
- https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
- https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
- https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html
- NVD
- Launchpad
- Debian