CVE-2018-6829

ADVISORY - nist

Summary

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

EPSS Score⁠: 0.00193 (0.576)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-327⁠

Use of a Broken or Risky Cryptographic Algorithm

ADVISORY - redhat

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.