DEBIAN-CVE-2018-6829

Source
https://security-tracker.debian.org/tracker/CVE-2018-6829
Import Source
https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2018-6829.json
JSON Data
https://api.osv.dev/v1/vulns/DEBIAN-CVE-2018-6829
Upstream
Published
2018-02-07T23:29:01Z
Modified
2025-09-30T05:12:32.270287Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Summary
[none]
Details

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

References

Affected packages

Debian:11

gnupg1

Package

Name
gnupg1
Purl
pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.4.23-1.1
1.4.23-2
1.4.23-3

Ecosystem specific

{
    "urgency": "unimportant"
}

libgcrypt20

Package

Name
libgcrypt20
Purl
pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.8.7-6
1.9.0-1
1.9.1-1
1.9.2~beta16-1
1.9.2-1
1.9.3-1
1.9.4-1
1.9.4-2
1.9.4-3
1.9.4-4
1.9.4-5
1.10.0-1
1.10.0-2
1.10.1-1
1.10.1-2
1.10.1-3
1.10.2-1
1.10.2-2
1.10.2-2+loong64
1.10.2-3
1.10.3-1
1.10.3-2
1.10.3-3
1.11.0~beta450-1
1.11.0-1
1.11.0-2
1.11.0-3
1.11.0-4
1.11.0-5
1.11.0-6
1.11.0-7
1.11.0+git20250114-1
1.11.1-1
1.11.2-1
1.11.2-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12

gnupg1

Package

Name
gnupg1
Purl
pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.4.23-1.1
1.4.23-2
1.4.23-3

Ecosystem specific

{
    "urgency": "unimportant"
}

libgcrypt20

Package

Name
libgcrypt20
Purl
pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.10.1-3
1.10.2-1
1.10.2-2
1.10.2-2+loong64
1.10.2-3
1.10.3-1
1.10.3-2
1.10.3-3
1.11.0~beta450-1
1.11.0-1
1.11.0-2
1.11.0-3
1.11.0-4
1.11.0-5
1.11.0-6
1.11.0-7
1.11.0+git20250114-1
1.11.1-1
1.11.2-1
1.11.2-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13

gnupg1

Package

Name
gnupg1
Purl
pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.4.23-3

Ecosystem specific

{
    "urgency": "unimportant"
}

libgcrypt20

Package

Name
libgcrypt20
Purl
pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.11.0-7
1.11.0+git20250114-1
1.11.1-1
1.11.2-1
1.11.2-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:14

gnupg1

Package

Name
gnupg1
Purl
pkg:deb/debian/gnupg1?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.4.23-3

Ecosystem specific

{
    "urgency": "unimportant"
}

libgcrypt20

Package

Name
libgcrypt20
Purl
pkg:deb/debian/libgcrypt20?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)

Affected versions

1.*

1.11.0-7
1.11.0+git20250114-1
1.11.1-1
1.11.2-1
1.11.2-2

Ecosystem specific

{
    "urgency": "unimportant"
}