CVE-2018-6829
Published: 7 February 2018
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
Notes
Author | Note |
---|---|
mdeslaur | this is a flaw in applications that misuse libgcrypt as of 2018-05-31, no actionable action in libgcrypt, marking as not-affected |
Priority
Status
Package | Release | Status |
---|---|---|
libgcrypt20 | upstream | Needs triage |
libgcrypt20 | trusty | Does not exist (trusty was not-affected) |
libgcrypt20 | xenial | Not vulnerable |
libgcrypt20 | artful | Not vulnerable |
libgcrypt20 | bionic | Not vulnerable |
libgcrypt11 | upstream | Needs triage |
libgcrypt11 | trusty | Not vulnerable |
libgcrypt11 | xenial | Does not exist |
libgcrypt11 | artful | Does not exist |
libgcrypt11 | bionic | Does not exist |
gnupg | upstream | Needs triage |
gnupg | trusty | Not vulnerable |
gnupg | xenial | Not vulnerable |
gnupg | artful | Does not exist |
gnupg | bionic | Does not exist |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | None |
Availability impact | None |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6829
- https://github.com/weikengchen/attack-on-libgcrypt-elgamal
- https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
- https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
- https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html
- NVD
- Launchpad
- Debian