Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Dlitz Subscribe
Filtered by product Pycrypto
Total 4 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2018-6594 3 Canonical, Debian, Dlitz 3 Ubuntu Linux, Debian Linux, Pycrypto 2020-07-31 5.0 MEDIUM 7.5 HIGH
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.
CVE-2012-2417 1 Dlitz 1 Pycrypto 2017-08-28 4.3 MEDIUM N/A
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.
CVE-2013-7459 2 Dlitz, Fedoraproject 2 Pycrypto, Fedora 2017-06-30 7.5 HIGH 9.8 CRITICAL
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
CVE-2013-1445 1 Dlitz 1 Pycrypto 2013-10-28 4.3 MEDIUM N/A
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.