cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in the face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
Use of a Broken or Risky Cryptographic Algorithm
Exposure of Sensitive Information to an Unauthorized Actor
Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
---|---|---|---|---|---|
debian/libgcrypt20 | deb | debian | 12 | >=1.10.1-3 | Not yet available |
debian/gnupg1 | deb | debian | 11 | >=1.4.23-1.1 | Not yet available |
debian/gnupg1 | deb | debian | 13 | >=1.4.23-2 | Not yet available |
debian/gnupg1 | deb | debian | 10 | >=1.4.23-1 | Not yet available |
debian/gnupg1 | deb | debian | 12 | >=1.4.23-1.1 | Not yet available |
debian/gnupg1 | deb | debian | unstable | >=1.4.23-2 | Not yet available |
debian/libgcrypt20 | deb | debian | 10 | >=1.8.4-5+deb10u1 | Not yet available |
debian/libgcrypt20 | deb | debian | unstable | >=1.10.3-3 | Not yet available |
debian/libgcrypt20 | deb | debian | 13 | >=1.10.3-3 | Not yet available |
debian/libgcrypt20 | deb | debian | 11 | >=1.8.7-6 | Not yet available |
Severity and metrics
No CVSS data available from this source.
3.9