CVE-2018-6829

Published: 7 February 2018

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

Notes

Author: mdeslaur
Note:
this is a flaw in applications that misuse libgcrypt
as of 2018-05-31, no actionable action in libgcrypt, marking as not-affected

Priority

Medium

CVSS 3 base score: 7.5

Status

Package       Release    Status
gnupg         artful     Does not exist
gnupg         bionic     Does not exist
gnupg         precise    Not vulnerable
gnupg         trusty     Not vulnerable
gnupg         upstream   Needs triage
gnupg         xenial     Not vulnerable

libgcrypt11   artful     Does not exist
libgcrypt11   bionic     Does not exist
libgcrypt11   precise    Not vulnerable
libgcrypt11   trusty     Not vulnerable
libgcrypt11   upstream   Needs triage
libgcrypt11   xenial     Does not exist

libgcrypt20   artful     Not vulnerable
libgcrypt20   bionic     Not vulnerable
libgcrypt20   precise    Does not exist
libgcrypt20   trusty     Does not exist (trusty was not-affected)
libgcrypt20   upstream   Needs triage
libgcrypt20   xenial     Not vulnerable