7.5

CVE-2018-6829

Exploit
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnupgLibgcrypt Version <= 1.8.2
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.81% 0.758
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-327 Use of a Broken or Risky Cryptographic Algorithm

The product uses a broken or risky cryptographic algorithm or protocol.

https://www.oracle.com/security-alerts/cpujan2020.html
https://github.com/weikengchen/attack-on-libgcrypt-elgamal
Third Party Advisory
https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
Third Party Advisory
Exploit
https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
Third Party Advisory
Issue Tracking