CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-6594

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.7%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 5.0

References

Products affected by CVE-2018-6594

Dlitz » Pycrypto » Version: 1.0.0

cpe:2.3:a:dlitz:pycrypto:1.0.0
Dlitz » Pycrypto » Version: 1.0.1

cpe:2.3:a:dlitz:pycrypto:1.0.1
Dlitz » Pycrypto » Version: 1.0.2

cpe:2.3:a:dlitz:pycrypto:1.0.2
Dlitz » Pycrypto » Version: 1.1

cpe:2.3:a:dlitz:pycrypto:1.1
Dlitz » Pycrypto » Version: 1.9

cpe:2.3:a:dlitz:pycrypto:1.9
Dlitz » Pycrypto » Version: 2.0

cpe:2.3:a:dlitz:pycrypto:2.0
Dlitz » Pycrypto » Version: 2.0.1

cpe:2.3:a:dlitz:pycrypto:2.0.1
Dlitz » Pycrypto » Version: 2.1.0

cpe:2.3:a:dlitz:pycrypto:2.1.0
Dlitz » Pycrypto » Version: 2.2

cpe:2.3:a:dlitz:pycrypto:2.2
Dlitz » Pycrypto » Version: 2.3

cpe:2.3:a:dlitz:pycrypto:2.3
Dlitz » Pycrypto » Version: 2.4

cpe:2.3:a:dlitz:pycrypto:2.4
Dlitz » Pycrypto » Version: 2.4.1

cpe:2.3:a:dlitz:pycrypto:2.4.1
Dlitz » Pycrypto » Version: 2.5

cpe:2.3:a:dlitz:pycrypto:2.5
Dlitz » Pycrypto » Version: 2.6

cpe:2.3:a:dlitz:pycrypto:2.6
Dlitz » Pycrypto » Version: 2.6.1

cpe:2.3:a:dlitz:pycrypto:2.6.1
Canonical » Ubuntu Linux » Version: 12.04

cpe:2.3:o:canonical:ubuntu_linux:12.04
Canonical » Ubuntu Linux » Version: 14.04

cpe:2.3:o:canonical:ubuntu_linux:14.04
Canonical » Ubuntu Linux » Version: 16.04

cpe:2.3:o:canonical:ubuntu_linux:16.04
Canonical » Ubuntu Linux » Version: 17.10

cpe:2.3:o:canonical:ubuntu_linux:17.10
Debian » Debian Linux » Version: 7.0

cpe:2.3:o:debian:debian_linux:7.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2018-6594

Products

Pricing

Contact Us