CVE-2018-6594

moderate-risk
Published 2018-02-03

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

Do I need to act?

-
0.80% chance of exploitation
EPSS score — low exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.5/10 High
NETWORK / LOW complexity

Affected Products (6)

Affected Vendors

Debian Canonical Dlitz

References (12)

Third Party Advisory https://github.com/TElgamal/attack-on-pycrypto-elgamal
Exploit https://github.com/dlitz/pycrypto/issues/253
Mailing List https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html
https://security.gentoo.org/glsa/202007-62
Third Party Advisory https://usn.ubuntu.com/3616-1/
Third Party Advisory https://usn.ubuntu.com/3616-2/
Third Party Advisory https://github.com/TElgamal/attack-on-pycrypto-elgamal
Exploit https://github.com/dlitz/pycrypto/issues/253
Mailing List https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html
https://security.gentoo.org/glsa/202007-62
Third Party Advisory https://usn.ubuntu.com/3616-1/
Third Party Advisory https://usn.ubuntu.com/3616-2/
42
/ 100
moderate-risk
Severity 26/34 · High
Exploitability 3/34 · Minimal
Exposure 13/34 · Low