Home > Vulnerability Database > CVE-2018-6829

Mend.io Vulnerability Database

CVE-2018-6829

Date: February 7, 2018

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

Language: C

Severity Score

7.5

Related Resources (7)

Url: https://security-tracker.debian.org/tracker/CVE-2018-6829

Url: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html

Url: https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki

Url: https://www.oracle.com/security-alerts/cpujan2020.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2018-6829

Url: https://github.com/weikengchen/attack-on-libgcrypt-elgamal

Url: https://www.mend.io/vulnerability-database/CVE-2018-6829

Severity Score

7.5

Weakness Type (CWE)

Cryptographic Issues

CWE-310

Information Leak / Disclosure

CWE-200

Use of a Broken or Risky Cryptographic Algorithm

CWE-327

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2018-6829

Date: February 7, 2018

Language: C

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?