CVE-2018-6829

Published: 07 Feb 2018
Source: debian

Description

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

Packages

| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| libgcrypt20 | unfixed | | | package |
| libgcrypt11 | removed | | | package |
| gnupg1 | unfixed | | | package |
| gnupg | removed | | | package |

Notes

  • https://github.com/weikengchen/attack-on-libgcrypt-elgamal

  • https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki

  • https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html

  • GnuPG uses ElGamal in hybrid mode only.

  • This is not a vulnerability in libgcrypt, but in an application using it in an insecure manner, see also https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html

Related vulnerabilities

CVSS3: 7.5
ubuntu
almost 8 years ago


CVSS3: 5.3
redhat
almost 8 years ago


CVSS3: 7.5
nvd
almost 8 years ago


CVSS3: 7.5
github
more than 3 years ago


CVSS3: 7.5
fstec
about 8 years ago

Vulnerability in the cipher/elgamal.c component of the Libgcrypt cryptographic library that allows an attacker to gain unauthorized access to protected information