ubuntu · CVE-2018-6594

Quick triage

Priority: medium Published: 2018-02-03 00:00:00 UTC Updated: 2025-08-25 22:58:26 UTC

View at Official ubuntu advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2018-6594 medium priority: Ubuntu including 2 source packages (pycryptodome, python-crypto), 10 status rows across 5 suites (artful, bionic, trusty, upstream, xenial): released 5, DNE 2, needs-triage 2, ignored 1.

Description:

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

cvelogic Threat Intelligence