CVE-2018-6594
 
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.
lib/Crypto/PublicKey/ElGamal.py en PyCrypto hasta la versión 2.6.1 genera parámetros de clave ElGamal débiles, lo que permite que atacantes remotos obtengan información sensible mediante la lectura de datos en texto cifrado (p.ej., no tiene seguridad semántica a la hora de enfrentarse a un ataque solo en texto cifrado). La hipótesis DDH (Decisional Diffie-Hellman) no soporta la implementación ElGamal de PyCrypto.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-02-02 CVE Reserved
- 2018-02-03 CVE Published
- 2023-08-05 EPSS Updated
- 2024-08-05 CVE Updated
- 2024-08-05 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-326: Inadequate Encryption Strength
CAPEC
References (6)
URL | Tag | Source |
---|---|---|
https://github.com/TElgamal/attack-on-pycrypto-elgamal | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://github.com/dlitz/pycrypto/issues/253 | 2024-08-05 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202007-62 | 2020-07-31 | |
https://usn.ubuntu.com/3616-1 | 2020-07-31 | |
https://usn.ubuntu.com/3616-2 | 2020-07-31 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Dlitz Search vendor "Dlitz" | Pycrypto Search vendor "Dlitz" for product "Pycrypto" | <= 2.6.1 Search vendor "Dlitz" for product "Pycrypto" and version " <= 2.6.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0" | - |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04" | esm |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04" | lts |
Affected
| ||||||
Canonical Search vendor "Canonical" | Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux" | 17.10 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.10" | - |
Affected
|