CVE-2018-6829

Name: CVE-2018-6829

Description: cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in the face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package     | Release                     | Version          | Status
gnupg (PTS)        | wheezy                      | 1.4.12-7+deb7u7  | vulnerable
gnupg (PTS)        | wheezy (security)           | 1.4.12-7+deb7u9  | vulnerable
gnupg (PTS)        | jessie (security), jessie   | 1.4.18-7+deb8u4  | vulnerable
gnupg1 (PTS)       | stretch                     | 1.4.21-4         | vulnerable
gnupg1 (PTS)       | buster, sid                 | 1.4.22-4         | vulnerable
libgcrypt11 (PTS)  | wheezy                      | 1.5.0-5+deb7u4   | vulnerable
libgcrypt11 (PTS)  | wheezy (security)           | 1.5.0-5+deb7u6   | vulnerable
libgcrypt20 (PTS)  | jessie (security), jessie   | 1.6.3-2+deb8u4   | vulnerable
libgcrypt20 (PTS)  | stretch (security), stretch | 1.7.6-2+deb9u2   | vulnerable
libgcrypt20 (PTS)  | buster, sid                 | 1.8.1-4          | vulnerable

The information below is based on the following data on fixed versions.

Package      | Type   | Release    | Fixed Version | Urgency     | Origin | Debian Bugs
gnupg        | source | (unstable) | (unfixed)     | unimportant |        |
gnupg1       | source | (unstable) | (unfixed)     | unimportant |        |
libgcrypt11  | source | (unstable) | (unfixed)     |             |        |
libgcrypt20  | source | (unstable) | (unfixed)     |             |        |

Notes

https://github.com/weikengchen/attack-on-libgcrypt-elgamal
https://github.com/weikengchen/attack-on-libgcrypt-elgamal/wiki
https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
GnuPG uses ElGamal in hybrid mode only.
