Sign In

CVE-2018-6829

SOURCE - nist

Summary

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

EPSS Score: 0.00193 (0.567)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-327

Use of a Broken or Risky Cryptographic Algorithm

SOURCE - redhat

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

Sources (5)

Impacted images

debian

CREATED

UPDATED

SOURCE IDCVE-2018-6829
EXPLOITABILITY SCORE

-

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow
PackageTypeOS NameOS VersionAffected RangesFix Versions
debian/libgcrypt20debdebian12>=1.10.1-3Not yet available
debian/gnupg1debdebian11>=1.4.23-1.1Not yet available
debian/gnupg1debdebian13>=1.4.23-2Not yet available
debian/gnupg1debdebian10>=1.4.23-1Not yet available
debian/gnupg1debdebian12>=1.4.23-1.1Not yet available
debian/gnupg1debdebianunstable>=1.4.23-2Not yet available
debian/libgcrypt20debdebian10>=1.8.4-5+deb10u1Not yet available
debian/libgcrypt20debdebianunstable>=1.10.3-3Not yet available
debian/libgcrypt20debdebian13>=1.10.3-3Not yet available
debian/libgcrypt20debdebian11>=1.8.7-6Not yet available

Severity and metrics

No CVSS data available from this source.

nist

CREATED

UPDATED

SOURCE IDCVE-2018-6829
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
COMMON WEAKNESS ENUMERATION (CWE)
CWE-327

CVSS SCORE

7.5high

ubuntu

CREATED

UPDATED

SOURCE IDCVE-2018-6829
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5medium

redhat

CREATED

UPDATED

SOURCE IDCVE-2018-6829
EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND
-
COMMON WEAKNESS ENUMERATION (CWE)
CWE-200

CVSS SCORE

5.3medium

inthewild

CREATED

UPDATED

SOURCE IDCVE-2018-6829
EXPLOITABILITY SCORE

-

EXPLOITS FOUND

-

COMMON WEAKNESS ENUMERATION (CWE)-
RATING UNAVAILABLE FROM SOURCE