Use of a Broken or Risky Cryptographic Algorithm in libgcrypt20

Do your applications use this vulnerable package? Test your applications

Overview

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

References

Debian Security Tracker
MISC
MISC
MISC
MISC

Attack Vector

Network
Attack Complexity

Low
Privileges Required

None
User Interaction

None
Scope

Unchanged
Confidentiality

High
Integrity

None
Availability

None

CVE: CVE-2018-6829
CWE: CWE-327
Snyk ID: SNYK-DEBIAN10-LIBGCRYPT20-391902
Disclosed: 07 Feb, 2018
Published: 07 Feb, 2018

Use of a Broken or Risky Cryptographic Algorithm
Affecting libgcrypt20 package, versions *

Overview

References

CVSS Score

Use of a Broken or Risky Cryptographic Algorithm Affecting libgcrypt20 package, versions *

Overview

References

Use of a Broken or Risky Cryptographic Algorithm
Affecting libgcrypt20 package, versions *