Bug 1543437 (CVE-2018-6829) - CVE-2018-6829 libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2018-6829
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1543438 1543439 1543442 1543443
Blocks: 1543444
Reported: 2018-02-08 13:20 UTC by Adam Mariš
Modified: 2021-02-17 00:50 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2018-02-19 05:08:12 UTC
Embargoed:



Description Adam Mariš 2018-02-08 13:20:21 UTC
cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in the face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

Reference:

https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004394.html
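The encoding problem described above, as an added example that is not part of the bug report, of the linked thread, or of libgcrypt's code. It is a toy ElGamal over a small constructed safe prime. The textbook reason DDH fails in all of Z_p^* is that the Legendre symbol of every group element is public, so when plaintexts are used raw (the "encrypt messages directly" case) the symbol of the message can be read off the ciphertext; encoding the plaintext into the prime-order subgroup of quadratic residues and using a generator of that subgroup removes the leak. That Legendre-symbol mechanism and the residue encoding are the standard textbook treatment, used here as an assumption about what "proper encoding" means, not as a description of libgcrypt's own code or fix. The prime, the generators, and every function name are constructed for this example.

```python
"""Added example: why raw (unencoded) ElGamal plaintexts over Z_p^* leak.

Constructed toy parameters; not libgcrypt code.  The prime is tiny so the
arithmetic is easy to follow; the leak does not depend on the size of p.
"""
import random


def is_prime(n):
    """Trial division; only meant for the tiny constructed parameters below."""
    if n < 2:
        return False
    d = 2
    while d * d <= n:
        if n % d == 0:
            return False
        d += 1
    return True


def legendre(a, p):
    """Legendre symbol (a/p) for gcd(a, p) = 1, by Euler's criterion:
    +1 if a is a quadratic residue mod p, -1 otherwise."""
    return 1 if pow(a, (p - 1) // 2, p) == 1 else -1


# Constructed safe prime p = 2q + 1 (p ≡ 3 mod 4, so -1 is a non-residue).
Q = 1019
P = 2 * Q + 1  # 2039
assert is_prime(Q) and is_prime(P)

# A quadratic non-residue generates all of Z_p^* (order 2q); its square
# generates the prime-order subgroup of quadratic residues (order q).
G_FULL = next(g for g in range(2, P) if legendre(g, P) == -1)
G_SUB = pow(G_FULL, 2, P)


def keygen(g, rng):
    x = rng.randrange(1, P - 1)          # private exponent
    return x, pow(g, x, P)               # (x, h = g^x)


def encrypt(g, h, m, rng):
    k = rng.randrange(1, P - 1)          # fresh ephemeral exponent per message
    return pow(g, k, P), (m * pow(h, k, P)) % P


def decrypt(x, c1, c2):
    shared = pow(c1, x, P)
    return (c2 * pow(shared, P - 2, P)) % P   # divide by c1^x (Fermat inverse)


def leak_legendre(h, c1, c2):
    """Recover (m/p) from public values alone when g generates all of Z_p^*.

    c2 = m * h^k, so (c2/p) = (m/p) * (h/p)^k.  (h/p) is public; when it is
    -1 the parity of k is exposed by (c1/p) = (g/p)^k = (-1)^k.  One bit of
    every plaintext is therefore readable from the ciphertext alone.
    """
    hk_symbol = 1 if legendre(h, P) == 1 else legendre(c1, P)
    return legendre(c2, P) * hk_symbol


def encode(m):
    """Map m in [1, q] into the residue subgroup: exactly one of m and p - m
    is a quadratic residue because -1 is a non-residue mod p."""
    assert 1 <= m <= Q
    return m if legendre(m, P) == 1 else P - m


def decode(e):
    return e if e <= Q else P - e


def demo_raw(messages, seed=1):
    """Textbook ElGamal, full-group generator, plaintexts used as-is.
    Returns (true (m/p), value an eavesdropper computes) per message."""
    rng = random.Random(seed)
    x, h = keygen(G_FULL, rng)
    out = []
    for m in messages:
        c1, c2 = encrypt(G_FULL, h, m, rng)
        assert decrypt(x, c1, c2) == m
        out.append((legendre(m, P), leak_legendre(h, c1, c2)))
    return out


def demo_encoded(messages, seed=1):
    """Subgroup generator plus residue encoding.  Returns
    (recovered plaintext, (c1/p), (c2/p)) per message; both symbols are
    always +1, so the ciphertext says nothing about (m/p)."""
    rng = random.Random(seed)
    x, h = keygen(G_SUB, rng)
    out = []
    for m in messages:
        c1, c2 = encrypt(G_SUB, h, encode(m), rng)
        out.append((decode(decrypt(x, c1, c2)), legendre(c1, P), legendre(c2, P)))
    return out


if __name__ == "__main__":
    print("raw ElGamal, (m/p) true vs. leaked:", demo_raw(range(1, 21)))
    print("encoded ElGamal, (m, (c1/p), (c2/p)):", demo_encoded(range(1, 21)))
```

The first demo shows that with a full-group generator and raw plaintexts, `leak_legendre` agrees with the true Legendre symbol of every message using only `h`, `c1` and `c2`; the second shows that once the generator has prime order and plaintexts are encoded into the residue subgroup, every ciphertext component has symbol +1 and decryption still round-trips. Real deployments get the same effect from a padding scheme that the application layer applies before handing the message to the primitive, which is the distinction the later comments on this bug draw.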

Comment 1 Adam Mariš 2018-02-08 13:20:39 UTC
Created libgcrypt tracking bugs for this issue:

Affects: fedora-all [bug 1543438]

Comment 3 Adam Mariš 2018-02-08 13:23:11 UTC
Created mingw-libgcrypt tracking bugs for this issue:

Affects: epel-7 [bug 1543443]
Affects: fedora-all [bug 1543442]

Comment 4 Tomas Mraz 2018-02-08 15:36:18 UTC
I would not say this is a real security issue unless any application really uses El Gamal as described in the e-mail. But then it would be a security issue of that application, not libgcrypt in particular.

Comment 5 Huzaifa S. Sidhpurwala 2018-02-19 05:08:12 UTC
Statement:

This is not a security flaw in libgcrypt. However, if an application uses the ElGamal algorithm implemented by libgcrypt in a particular way, then the application would be vulnerable to security flaw(s). A more detailed explanation is available at: https://lists.gnupg.org/pipermail/gcrypt-devel/2018-February/004401.html

