CVE-2018-6829

Source
https://nvd.nist.gov/vuln/detail/CVE-2018-6829
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-6829.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-6829
Published
2018-02-07T23:29:01Z
Modified
2025-01-14T07:36:28.711656Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

Affected packages

Debian:11 / gnupg1

Package

Name
gnupg1
Purl
pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.23-1.1
1.4.23-2
1.4.23-3

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / gnupg1

Package

Name
gnupg1
Purl
pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.23-1.1
1.4.23-2
1.4.23-3

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / gnupg1

Package

Name
gnupg1
Purl
pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.4.23-1.1
1.4.23-2
1.4.23-3

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:11 / libgcrypt20

Package

Name
libgcrypt20
Purl
pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.8.7-6
1.9.0-1
1.9.1-1
1.9.2~beta16-1
1.9.2-1
1.9.3-1
1.9.4-1
1.9.4-2
1.9.4-3
1.9.4-4
1.9.4-5
1.10.0-1
1.10.0-2
1.10.1-1
1.10.1-2
1.10.1-3
1.10.2-1
1.10.2-2
1.10.2-2+loong64
1.10.2-3
1.10.3-1
1.10.3-2
1.10.3-3
1.11.0~beta450-1
1.11.0-1
1.11.0-2
1.11.0-3
1.11.0-4
1.11.0-5
1.11.0-6
1.11.0-7

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / libgcrypt20

Package

Name
libgcrypt20
Purl
pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.1-3
1.10.2-1
1.10.2-2
1.10.2-2+loong64
1.10.2-3
1.10.3-1
1.10.3-2
1.10.3-3
1.11.0~beta450-1
1.11.0-1
1.11.0-2
1.11.0-3
1.11.0-4
1.11.0-5
1.11.0-6
1.11.0-7

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / libgcrypt20

Package

Name
libgcrypt20
Purl
pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.10.1-3
1.10.2-1
1.10.2-2
1.10.2-2+loong64
1.10.2-3
1.10.3-1
1.10.3-2
1.10.3-3
1.11.0~beta450-1
1.11.0-1
1.11.0-2
1.11.0-3
1.11.0-4
1.11.0-5
1.11.0-6
1.11.0-7

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/gpg/libgcrypt

Affected ranges

Type
GIT
Repo
https://github.com/gpg/libgcrypt
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

Other

DEVEL-BRANCH-1-1
V-0-2-8
V0-0-0
V0-1-0
V0-2-0
V0-2-10
V0-2-15
V0-2-17
V0-2-18
V0-2-19
V0-2-6
V0-3-0
V0-3-1
V0-3-2
V0-3-3
V0-3-4
V0-3-5
V0-4-0
V0-4-1
V0-4-2
V0-4-3
V0-4-4
V0-4-5
V0-9-0
V0-9-1
V0-9-10
V0-9-11
V0-9-2
V0-9-3
V0-9-4
V0-9-5
V0-9-6
V0-9-7
V0-9-8
V0-9-9
V1-0-0
V1-0-1
V1-0-1-ePit-1
V1-0-2
V1-0-3
V1-0-4
V1-1-0
V1-1-10
V1-1-11
V1-1-12
V1-1-2
V1-1-3
V1-1-4
V1-1-42
V1-1-43
V1-1-44
V1-1-5
V1-1-6
V1-1-7
V1-1-8
V1-1-9
V1-1-90
V1-1-91
V1-1-92
V1-1-93
V1-1-94
V1-2-0
V1-2-1
ecc-integration-done
last-gpl-version
marcus-after-thread-cbs
marcus-before-thread-cbs
now-less-freedom-protected
post-nuke-of-trailing-ws

libgcrypt-1.*

libgcrypt-1.3.0
libgcrypt-1.3.1
libgcrypt-1.3.2
libgcrypt-1.4.0
libgcrypt-1.4.1
libgcrypt-1.4.1rc1
libgcrypt-1.4.2
libgcrypt-1.4.2rc1
libgcrypt-1.4.2rc2
libgcrypt-1.4.3
libgcrypt-1.4.4
libgcrypt-1.5.0
libgcrypt-1.5.0-beta1
libgcrypt-1.6.0
libgcrypt-1.7.0
libgcrypt-1.7.1
libgcrypt-1.7.2
libgcrypt-1.7.3
libgcrypt-1.8.0
libgcrypt-1.8.1
libgcrypt-1.8.2