Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-6829

Опубликовано: 08 фев. 2018
Источник: redhat
CVSS3: 5.3

Описание

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

Отчет

This is not a security flaw in libgcrypt. However if an application uses The El-gamal algorithm implemented by libgcrypt in a particular way than the application would be vulnerable to security flaw(s). More detailed explanation is available at: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5libgcryptNot affected
Red Hat Enterprise Linux 6libgcryptNot affected
Red Hat Enterprise Linux 7libgcryptNot affected
Red Hat Enterprise Linux 8libgcryptNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-200
https://bugzilla.redhat.com/show_bug.cgi?id=1543437libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2018-6829

CVSS3: 7.5
ubuntu
почти 8 лет назад

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

nvd логотип

CVE-2018-6829

CVSS3: 7.5
nvd
почти 8 лет назад

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

debian логотип

CVE-2018-6829

CVSS3: 7.5
debian
почти 8 лет назад

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt mess ...

github логотип

GHSA-wcf7-2f92-j5mv

CVSS3: 7.5
github
больше 3 лет назад

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

fstec логотип

BDU:2020-01023

CVSS3: 7.5
fstec
около 8 лет назад

Уязвимость компонента cipher/elgamal.c криптографической библиотеки Libgcrypt, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации

5.3 Medium

CVSS3