7.5

CVSS Score

3.0

-

CVSS Score

Basic Information

CVE ID

CVE-2018-6829

GHSA ID

GHSA-wcf7-2f92-j5mv

EPSS Score

0.78546%

CWE

CWE-327

Published

5/13/2022

Updated

2/1/2023

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2018-6829

CVE-2018-6829: cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly...

cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2018-6829

CVE-2018-6829:

7.5

CVSS Score

3.0

-

CVSS Score

Basic Information

CVE ID

CVE-2018-6829

GHSA ID

GHSA-wcf7-2f92-j5mv

EPSS Score

0.78546%

CWE

CWE-327

Published

5/13/2022

Updated

2/1/2023

KEV Status

Technology

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability description clearly points to an issue in the ElGamal encryption process within 'cipher/elgamal.c'. The function '_gcry_elg_encrypt' is the main function for ElGamal encryption in Libgcrypt. While I could not fetch the specific commit details, the provided information strongly suggests this function is at the core of the vulnerability. The attack PoC provided in the references further reinforces this by targeting the ElGamal encryption implementation.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

Reasoning

*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.*v*il**l* *or Mi**o *ustom*rs only.

7.5

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2018-6829: cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly...

CVE-2018-6829:

7.5

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2018-6829: cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly...

Basic Information

Basic Information

7.5

7.5

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI