CVE-2018-6594

EUVD-2018-0119
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
dlitzpycrypto
𝑥
≤ 2.6.1
debiandebian_linux
7.0
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pycryptodome
bookworm
3.11.0+dfsg1-4
fixed
bullseye
3.9.7+dfsg1-1
fixed
jessie
no-dsa
sid
3.20.0+dfsg-3
fixed
stretch
no-dsa
trixie
3.20.0+dfsg-3
fixed
wheezy
no-dsa
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pycryptodome
artful
ignored
bionic
Fixed 3.4.7-1ubuntu1
released
trusty
dne
xenial
dne
python-crypto
artful
Fixed 2.6.1-7ubuntu0.1
released
bionic
Fixed 2.6.1-8ubuntu2
released
trusty
Fixed 2.6.1-4ubuntu0.3
released
xenial
Fixed 2.6.1-6ubuntu0.16.04.3
released
Common Weakness Enumeration
References
https://github.com/TElgamal/attack-on-pycrypto-elgamal
https://github.com/dlitz/pycrypto/issues/253
https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html
https://security.gentoo.org/glsa/202007-62
https://usn.ubuntu.com/3616-1/
https://usn.ubuntu.com/3616-2/
https://github.com/TElgamal/attack-on-pycrypto-elgamal
https://github.com/dlitz/pycrypto/issues/253
https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html
https://security.gentoo.org/glsa/202007-62
https://usn.ubuntu.com/3616-1/
https://usn.ubuntu.com/3616-2/