CVE-2018-6829

ADVISORY - debian

Summary

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

libgcrypt20 (unimportant)
libgcrypt11 (unimportant)
gnupg1 (unimportant)
gnupg (unimportant) https://github.com/weikengchen/attack-on-libgcrypt-elgamal https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html GnuPG uses ElGamal in hybrid mode only. This is not a vulnerability in libgcrypt, but in an application using it in an insecure manner, see also https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html

EPSS Score⁠: 0.01266 (0.784)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-327⁠

Use of a Broken or Risky Cryptographic Algorithm

ADVISORY - redhat

CWE-200⁠

Exposure of Sensitive Information to an Unauthorized Actor

Impacted images

Advisories

Debian

CREATED

7 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2018-6829⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/libgcrypt20	deb	debian	12	>=1.10.1-3	Not yet available
debian/gnupg1	deb	debian	11	>=1.4.23-1.1	Not yet available
debian/gnupg1	deb	debian	unstable	>=1.4.23-3	Not yet available
debian/gnupg1	deb	debian	12	>=1.4.23-1.1	Not yet available
debian/gnupg1	deb	debian	13	>=1.4.23-3	Not yet available
debian/libgcrypt20	deb	debian	unstable	>=1.11.0-7	Not yet available
debian/libgcrypt20	deb	debian	13	>=1.11.0-7	Not yet available
debian/libgcrypt20	deb	debian	11	>=1.8.7-6	Not yet available

Severity and metrics

No CVSS data available from this advisory.

NIST

CREATED

7 years ago

UPDATED

6 months ago

ADVISORY IDCVE-2018-6829⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-327⁠

CVSS SCORE

7.5high

Ubuntu

CREATED

7 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2018-6829⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

7.5medium

Red Hat

CREATED

7 years ago

UPDATED

2 months ago

ADVISORY IDCVE-2018-6829⁠

EXPLOITABILITY SCORE

3.9

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-200⁠

CVSS SCORE

5.3medium

intheWild

CREATED

2 months ago

UPDATED

2 months ago

ADVISORY IDCVE-2018-6829⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM ADVISORY