Security: libgcrypt 1.8.2 ElGamal implementation vulnerable to cyphertext-only attack
Reported by
nathanb@lenovo-chrome.com,
Feb 22 2018
Issue description

CVE-2018-6829 libgcrypt through 1.8.2, when used to encrypt messages directly, improperly encodes plaintexts, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for Libgcrypt's ElGamal implementation.

I note that the libgcrypt in the repository is 1.6.3 and I don't see patches for this CVE. I'm not a domain expert at all so please do let me know if this vulnerability doesn't apply.
,
Feb 23 2018
,
Feb 26 2018
The NextAction date has arrived: 2018-02-26
,
Feb 26 2018
In ffmpeg, I see gcrypt (and gnutls) used in tls_gnutls.c, but that file isn't compiled from what I can see. gcrypt is also used in hlsenc.c. In that file, it's only used for random-data generation and only if |CONFIG_GCRYPT| is non-zero. We define |CONFIG_GCRYPT| to zero and we don't appear to compile hlsenc.c. At least on my Linux system, I don't see libgcrypt listed as NEEDED in the chrome binary. ldd *does* list it, suggesting that some system library that we use needs it, but we're not using it directly.
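The comment above distinguishes a library listed as NEEDED in the binary from one that only appears in `ldd` output. The following added example (not part of the original thread) walks DT_NEEDED entries parsed from `readelf -d` output to find which dependency pulls libgcrypt in. The dumps and the library name `libexample-sys.so.1` are constructed for illustration and are not taken from a real Chrome build.

```python
import re
from collections import deque

# Constructed sample data: dynamic-section lines per object, in the format
# printed by `readelf -d <file>`. "libexample-sys.so.1" is a hypothetical name.
READELF_D = {
    "chrome": """
 0x0000000000000001 (NEEDED)             Shared library: [libglib-2.0.so.0]
 0x0000000000000001 (NEEDED)             Shared library: [libexample-sys.so.1]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
""",
    "libexample-sys.so.1": """
 0x0000000000000001 (NEEDED)             Shared library: [libgcrypt.so.20]
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000e (SONAME)             Library soname: [libexample-sys.so.1]
""",
    "libglib-2.0.so.0": """
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
""",
}

NEEDED_RE = re.compile(r"\(NEEDED\)\s+Shared library: \[([^\]]+)\]")

def needed(readelf_output):
    """Return the DT_NEEDED sonames found in one `readelf -d` dump."""
    return NEEDED_RE.findall(readelf_output)

def dependency_chain(root, target_prefix, dumps):
    """Breadth-first walk over DT_NEEDED edges; return the shortest chain
    from root to a library whose soname starts with target_prefix, or None."""
    queue, seen = deque([[root]]), {root}
    while queue:
        chain = queue.popleft()
        for lib in needed(dumps.get(chain[-1], "")):
            if lib.startswith(target_prefix):
                return chain + [lib]
            if lib not in seen:
                seen.add(lib)
                queue.append(chain + [lib])
    return None

def classify(root, target_prefix, dumps):
    """'direct' if root itself lists the library as NEEDED, 'transitive' if
    only a dependency does (what ldd would still show), else 'absent'."""
    chain = dependency_chain(root, target_prefix, dumps)
    if chain is None:
        return "absent"
    return "direct" if len(chain) == 2 else "transitive"

if __name__ == "__main__":
    print(classify("chrome", "libgcrypt", READELF_D),
          dependency_chain("chrome", "libgcrypt", READELF_D))
```
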
,
Feb 26 2018
Thank you for your analysis. That's sufficient information for my purposes.
,
Jun 5 2018
This bug has been closed for more than 14 weeks. Removing security view restrictions. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Comment 1 by wfh@chromium.org, Feb 23 2018
NextAction: 2018-02-26
Owner: agl@chromium.org
Status: Assigned (was: Unconfirmed)