Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Pycrypto
(Dlitz)| Repositories |
• https://github.com/dlitz/pycrypto
• https://github.com/Legrandin/pycrypto |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2017-02-15 | CVE-2013-7459 | Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. | Pycrypto, Fedora | 9.8 | ||
| 2018-02-03 | CVE-2018-6594 | lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation. | Ubuntu_linux, Debian_linux, Pycrypto | 7.5 | ||
| 2013-10-26 | CVE-2013-1445 | The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process. | Pycrypto | N/A | ||
| 2012-06-17 | CVE-2012-2417 | PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key. | Pycrypto | N/A |