High severity7.5NVD Advisory· Published Feb 3, 2018· Updated Jun 17, 2026
CVE-2018-6594
CVE-2018-6594
Description
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pycryptoPyPI | <= 2.6.1 | — |
Affected products
1Patches
Vulnerability mechanics
References
10- github.com/dlitz/pycrypto/issues/253nvdExploitIssue TrackingThird Party AdvisoryWEB
- github.com/advisories/GHSA-6528-wvf6-f6qgghsaADVISORY
- lists.debian.org/debian-lts-announce/2018/02/msg00018.htmlnvdMailing ListThird Party AdvisoryWEB
- nvd.nist.gov/vuln/detail/CVE-2018-6594ghsaADVISORY
- usn.ubuntu.com/3616-1/nvdThird Party Advisory
- usn.ubuntu.com/3616-2/nvdThird Party Advisory
- github.com/pypa/advisory-database/tree/main/vulns/pycrypto/PYSEC-2018-97.yamlghsaWEB
- security.gentoo.org/glsa/202007-62nvdWEB
- usn.ubuntu.com/3616-1ghsaWEB
- usn.ubuntu.com/3616-2ghsaWEB
News mentions
0No linked articles in our index yet.