CVE-2018-6829
Summary
| CVE | CVE-2018-6829 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2018-02-07 23:29:00 UTC |
| Updated | 2020-01-15 20:15:00 UTC |
| Description | cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in the face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation. |
Risk And Classification
Problem Types: CWE-327
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Home · weikengchen/attack-on-libgcrypt-elgamal Wiki · GitHub | MISC | github.com | Exploit, Third Party Advisory |
| Attack on libgcrypt's ElGamal Encryption with Proof of Concept (PoC) | MISC | lists.gnupg.org | Issue Tracking, Third Party Advisory |
| GitHub - weikengchen/attack-on-libgcrypt-elgamal: Attack on the ElGamal Implementation of libgcrypt | MISC | github.com | Third Party Advisory |
| Oracle Critical Patch Update Advisory - January 2020 | MISC | www.oracle.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.