Bug 1543437 - (CVE-2018-6829) CVE-2018-6829 libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information
Status: CLOSED NOTABUG
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All Linux
Priority: medium, Severity: medium
Assigned To: Red Hat Product Security
Whiteboard: impact=moderate,public=20180208,repor...
Keywords: Security
Depends On: 1543442 1543443 1543438 1543439
Blocks: 1543444
Reported: 2018-02-08 08:20 EST by Adam Mariš
Modified: 2018-02-19 00:08 EST
Last Closed: 2018-02-19 00:08:12 EST
Description Adam Mariš 2018-02-08 08:20:21 EST
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

Reference:

https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
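
The textbook way semantic security fails for ElGamal used directly on messages is that the quadratic residuosity of the plaintext can be computed from public values when the generator spans all of Z_p^* and messages are not encoded into a prime-order subgroup. The added example below (toy Python, not libgcrypt's code and not taken from the bug report; the parameters and function names are constructed, and that this is the mechanism behind the CVE is an assumption) shows that leak next to the usual hardening: a subgroup generator plus residue-encoded messages.

```python
# Added illustration: toy textbook ElGamal in Z_p^*, not libgcrypt's code.
import secrets

Q = 1439                 # constructed toy parameters; real moduli are
P = 2 * Q + 1            # thousands of bits. P = 2879 is a safe prime.
# Any quadratic non-residue other than P-1 generates all of Z_p^*.
G_FULL = next(g for g in range(2, P - 1) if pow(g, Q, P) == P - 1)
G_SUB = pow(G_FULL, 2, P)   # generates the subgroup of prime order Q

def legendre(a):
    """+1 if a is a quadratic residue mod P, else -1 (a not 0 mod P)."""
    return 1 if pow(a, Q, P) == 1 else -1

def keygen(g):
    x = secrets.randbelow(Q - 1) + 1        # private exponent in 1..Q-1
    return x, pow(g, x, P)

def encrypt(g, h, m):
    k = secrets.randbelow(Q - 1) + 1        # fresh ephemeral exponent
    return pow(g, k, P), m * pow(h, k, P) % P

def decrypt(x, c1, c2):
    return c2 * pow(c1, P - 1 - x, P) % P   # c2 / c1^x mod P

def observed_symbol(h, c1, c2):
    """Legendre symbol of the encrypted group element, from public values
    only: h^k is a non-residue exactly when h and c1 both are."""
    mask = -1 if legendre(h) == -1 and legendre(c1) == -1 else 1
    return legendre(c2) * mask

def encode_qr(m):
    """Hardened encoding of m in 1..Q as a quadratic residue. Exactly one
    of m and P-m is a residue because P % 4 == 3."""
    return m if legendre(m) == 1 else P - m

def decode_qr(y):
    return y if y <= Q else P - y

def symbols_seen(g, encode, messages):
    """What a passive observer derives per message under (g, encode)."""
    _, h = keygen(g)
    return [observed_symbol(h, *encrypt(g, h, encode(m))) for m in messages]

if __name__ == "__main__":
    msgs = range(1, 13)
    print("raw m, full group   :", symbols_seen(G_FULL, lambda m: m, msgs))
    print("QR-encoded, subgroup:", symbols_seen(G_SUB, encode_qr, msgs))
```

With raw messages and the full-group generator, the observer's value equals the true Legendre symbol of every plaintext; with the subgroup generator and residue encoding it is constant, so it carries no information about the message.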
Comment 1 Adam Mariš 2018-02-08 08:20:39 EST
Created libgcrypt tracking bugs for this issue:

Affects: fedora-all [bug 1543438]
Comment 3 Adam Mariš 2018-02-08 08:23:11 EST
Created mingw-libgcrypt tracking bugs for this issue:

Affects: epel-7 [bug 1543443]
Affects: fedora-all [bug 1543442]
Comment 4 Tomas Mraz 2018-02-08 10:36:18 EST
I would not say this is a real security issue unless any application really uses El Gamal as described in the e-mail. But then it would be a security issue of that application, not libgcrypt in particular.
Comment 5 Huzaifa S. Sidhpurwala 2018-02-19 00:08:12 EST
Statement:

This is not a security flaw in libgcrypt. However, if an application uses the El-gamal algorithm implemented by libgcrypt in a particular way, then the application would be vulnerable to security flaw(s). A more detailed explanation is available at: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html
