CVE-2018-6829

Name of the Vulnerable Software and Affected Versions: Libgcrypt versions 1.8.2 and earlier

Description: The issue is related to the ElGamal implementation in Libgcrypt, which improperly encodes plaintexts when used for direct encryption. This allows attackers to gain sensitive information by analyzing ciphertext data, as the implementation lacks semantic security against ciphertext-only attacks. The Decisional Diffie-Hellman assumption is not valid for Libgcrypt's ElGamal implementation. The vulnerability can be exploited by a remote attacker to gain unauthorized access to protected information.

Recommendations: For Libgcrypt versions 1.8.2 and earlier, consider updating to a version that addresses the ElGamal implementation issue, as the current version does not provide sufficient security guarantees. At the moment, there is no information about a newer version that contains a fix for this vulnerability.