Home

CVE-2018-6594

Description

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCryptos ElGamal implementation.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.798

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2013-7459,CVE-2018-6594 are affected in Python-pycrypto 2.6.1Windows
cryptographic algorithms and protocols for Python (USN-3616-1) python-crypto_2.6.1-4ubuntu0.3_i386.debLinux
cryptographic algorithms and protocols for Python (USN-3616-1) python-crypto_2.6.1-4ubuntu0.3_amd64.debLinux
cryptographic algorithms and protocols for Python (USN-3616-1) python-crypto_2.6.1-7ubuntu0.1_i386.debLinux
cryptographic algorithms and protocols for Python (USN-3616-1) python-crypto_2.6.1-7ubuntu0.1_amd64.debLinux
cryptographic algorithms and protocols for Python (USN-3616-1) python-crypto_2.6.1-6ubuntu0.16.04.3_i386.debLinux
cryptographic algorithms and protocols for Python (USN-3616-1) python-crypto_2.6.1-6ubuntu0.16.04.3_amd64.debLinux
cryptographic algorithms and protocols for Python (USN-3616-1) python3-crypto_2.6.1-4ubuntu0.3_i386.debLinux
cryptographic algorithms and protocols for Python (USN-3616-1) python3-crypto_2.6.1-4ubuntu0.3_amd64.debLinux
cryptographic algorithms and protocols for Python (USN-3616-1) python3-crypto_2.6.1-7ubuntu0.1_i386.debLinux
cryptographic algorithms and protocols for Python (USN-3616-1) python3-crypto_2.6.1-7ubuntu0.1_amd64.debLinux
cryptographic algorithms and protocols for Python (USN-3616-1) python3-crypto_2.6.1-6ubuntu0.16.04.3_i386.debLinux
cryptographic algorithms and protocols for Python (USN-3616-1) python3-crypto_2.6.1-6ubuntu0.16.04.3_amd64.debLinux
python-crypto Security Update (ALAS2023-2025-1051) python3-crypto-2.6.1-34.amzn2023.0.2.x86_64.rpmLinux
Vulnerabilities CVE-2013-7459,CVE-2018-6594 are affected in Python-pycrypto for linux 2.6.1Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234