CVE-2018-6829
Published: 7 February 2018
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in the face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
Priority
CVSS 3 base score: 7.5
Status
Package | Release | Status |
---|---|---|
gnupg | artful | Does not exist |
gnupg | bionic | Does not exist |
gnupg | precise | Not vulnerable |
gnupg | trusty | Not vulnerable |
gnupg | upstream | Needs triage |
gnupg | xenial | Not vulnerable |
libgcrypt11 | artful | Does not exist |
libgcrypt11 | bionic | Does not exist |
libgcrypt11 | precise | Not vulnerable |
libgcrypt11 | trusty | Not vulnerable |
libgcrypt11 | upstream | Needs triage |
libgcrypt11 | xenial | Does not exist |
libgcrypt20 | artful | Not vulnerable |
libgcrypt20 | bionic | Not vulnerable |
libgcrypt20 | precise | Does not exist |
libgcrypt20 | trusty | Does not exist (trusty was not-affected) |
libgcrypt20 | upstream | Needs triage |
libgcrypt20 | xenial | Not vulnerable |
Notes
Author | Note |
---|---|
mdeslaur | This is a flaw in applications that misuse libgcrypt; as of 2018-05-31, no actionable action in libgcrypt, marking as not-affected |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829
- https://github.com/weikengchen/attack-on-libgcrypt-elgamal
- https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
- https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
- https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html