CVE-2018-6829: cipher/elgamal.c in Libgcrypt through 1.8.2, when used to encrypt messages directly, improperly...

CVSS Score: 7.5 (CVSS 3.0)

Basic Information

EPSS Score: 0.78546%
Published: 5/13/2022
Updated: 2/1/2023
KEV Status: No
Technology: -

Technical Details

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnerability Intelligence
Root Cause Analysis

The vulnerability description clearly points to an issue in the ElGamal encryption process within 'cipher/elgamal.c'. The function '_gcry_elg_encrypt' is the main function for ElGamal encryption in Libgcrypt. While I could not fetch the specific commit details, the provided information strongly suggests this function is at the core of the vulnerability. The attack PoC provided in the references further reinforces this by targeting the ElGamal encryption implementation.
