ElGamal Vulnerability in Libgcrypt Affecting Security of Encrypted Messages
CVE-2018-6829

7.5 HIGH

Key Information:

Vendor: Gnupg

Status
Vendor
CVE Published: 7 February 2018

What is CVE-2018-6829?

The ElGamal implementation in Libgcrypt through version 1.8.2 improperly encodes plaintext data during encryption. This flaw can allow attackers to obtain sensitive information from ciphertexts alone, compromising the confidentiality of encrypted messages. The implementation is not semantically secure against ciphertext-only attacks, because the Decisional Diffie-Hellman (DDH) assumption does not hold for it. Consequently, the vulnerability poses a significant risk to data security for users running vulnerable versions.
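A textbook model of this class of leak, as an added example (not Libgcrypt's code and not from the original page): in ElGamal over the full group Z_p*, public values alone reveal whether the plaintext is a quadratic residue, while encoding messages into the prime-order subgroup removes that signal. The toy parameters and all function names are assumptions made for illustration.

```python
import secrets

# Constructed toy parameters (far too small for real use): safe prime P = 2*Q + 1.
P, Q = 2579, 1289
G_FULL = 2  # non-residue that generates all of Z_P* (order P - 1)
G_SUB = 4   # G_FULL squared: generates the order-Q subgroup of quadratic residues

def legendre(a):
    """Return 1 if a is a quadratic residue mod P, else -1 (Euler's criterion)."""
    return 1 if pow(a, Q, P) == 1 else -1

def keygen(g, order):
    x = secrets.randbelow(order - 1) + 1          # private exponent in [1, order - 1]
    return x, pow(g, x, P)                        # (private x, public h = g^x)

def encrypt(g, h, m, order):
    k = secrets.randbelow(order - 1) + 1          # fresh ephemeral exponent
    return pow(g, k, P), (m * pow(h, k, P)) % P   # (c1, c2) = (g^k, m * h^k)

def decrypt(x, c1, c2):
    return (c2 * pow(c1, P - 1 - x, P)) % P       # c2 * c1^(-x)

def leaked_symbol(h, c1, c2):
    """What a ciphertext-only observer learns in the full group: legendre(m)."""
    # c1 = g^k is a non-residue exactly when k is odd, and h^k is a non-residue
    # only when h is a non-residue and k is odd, so the mask h^k can be undone.
    mask = -1 if legendre(h) == -1 and legendre(c1) == -1 else 1
    return legendre(c2) * mask

def encode(m):
    """Map m in [1, Q] into the residue subgroup; P % 4 == 3 makes m or P - m a residue."""
    if not 1 <= m <= Q:
        raise ValueError("message out of range")
    return m if legendre(m) == 1 else P - m

def decode(e):
    return e if e <= Q else P - e

def demo(m):
    """Return (leak without encoding, symbol seen with encoding, round-tripped m)."""
    _, h = keygen(G_FULL, P - 1)
    c1, c2 = encrypt(G_FULL, h, m, P - 1)
    xs, hs = keygen(G_SUB, Q)
    d1, d2 = encrypt(G_SUB, hs, encode(m), Q)
    return leaked_symbol(h, c1, c2), legendre(d2), decode(decrypt(xs, d1, d2))
```

With the subgroup encoding every ciphertext component is a quadratic residue, so the second value returned by `demo` is constant and carries no information about `m`.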

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
