← Zuruck zu CVEs

CVE-2018-6829

N/A

Beschreibung

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

CVE Details

CVSS v3.1 BewertungN/A

Veroffentlicht2/7/2018

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

gnupg:libgcrypt

Schwachen (CWE)

CWE-327

Referenzen

https://github.com/weikengchen/attack-on-libgcrypt-elgamal(cve@mitre.org)

https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki(cve@mitre.org)

https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html(cve@mitre.org)

https://www.oracle.com/security-alerts/cpujan2020.html(cve@mitre.org)

https://github.com/weikengchen/attack-on-libgcrypt-elgamal(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki(af854a3a-2127-422b-91ae-364da2661108)

https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html(af854a3a-2127-422b-91ae-364da2661108)

https://www.oracle.com/security-alerts/cpujan2020.html(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.