{"api_version":"1","generated_at":"2026-04-22T19:35:00+00:00","cve":"CVE-2018-6829","urls":{"html":"https://cve.report/CVE-2018-6829","api":"https://cve.report/api/cve/CVE-2018-6829.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2018-6829","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2018-6829"},"summary":{"title":"CVE-2018-6829","description":"cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2018-02-07 23:29:00","updated_at":"2020-01-15 20:15:00"},"problem_types":["CWE-327"],"metrics":[],"references":[{"url":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki","name":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki","refsource":"MISC","tags":["Exploit","Third Party Advisory"],"title":"Home · weikengchen/attack-on-libgcrypt-elgamal Wiki · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html","name":"https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html","refsource":"MISC","tags":["Issue Tracking","Third Party Advisory"],"title":"Attack on libgcrypt's ElGamal Encryption with Proof of Concept (PoC)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal","name":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal","refsource":"MISC","tags":["Third Party Advisory"],"title":"GitHub - weikengchen/attack-on-libgcrypt-elgamal: Attack on the ElGamal Implementation of libgcrypt","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","name":"https://www.oracle.com/security-alerts/cpujan2020.html","refsource":"MISC","tags":[],"title":"Oracle Critical Patch Update Advisory - January 2020","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2018-6829","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-6829","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2018","cve_id":"6829","vulnerable":"1","versionEndIncluding":"1.8.2","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"gnupg","cpe5":"libgcrypt","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2018-6829","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"name":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki","refsource":"MISC","url":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki"},{"name":"https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html","refsource":"MISC","url":"https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html"},{"name":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal","refsource":"MISC","url":"https://github.com/weikengchen/attack-on-libgcrypt-elgamal"},{"url":"https://www.oracle.com/security-alerts/cpujan2020.html","refsource":"MISC","name":"https://www.oracle.com/security-alerts/cpujan2020.html"}]}},"nvd":{"publishedDate":"2018-02-07 23:29:00","lastModifiedDate":"2020-01-15 20:15:00","problem_types":["CWE-327"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.0","vectorString":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:gnupg:libgcrypt:*:*:*:*:*:*:*:*","versionEndIncluding":"1.8.2","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2018","CveId":"6829","Ordinal":"123038","Title":"CVE-2018-6829","CVE":"CVE-2018-6829","Year":"2018"},"notes":[{"CveYear":"2018","CveId":"6829","Ordinal":"1","NoteData":"cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.","Type":"Description","Title":null},{"CveYear":"2018","CveId":"6829","Ordinal":"2","NoteData":"2018-02-07","Type":"Other","Title":"Published"},{"CveYear":"2018","CveId":"6829","Ordinal":"3","NoteData":"2020-01-15","Type":"Other","Title":"Modified"}]}}}