CVE-2018-6594
03.02.2018, 15:29
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| dlitz | pycrypto | 𝑥 ≤ 2.6.1 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 14.04 |
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 17.10 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Amazon Linux Releases
Amazon Package | |||
|---|---|---|---|
| python-crypto-debuginfo |
| ||
| python-crypto-debugsource |
| ||
| python26-crypto |
| ||
| python27-crypto |
| ||
| python3-crypto |
| ||
| python3-crypto-debuginfo |
|
Common Weakness Enumeration
References