CVE-2013-7459 (GCVE-0-2013-7459)
Vulnerability from cvelistv5 – Published: 2017-02-15 15:00 – Updated: 2024-08-06 18:09- n/a
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=1409754 | x_refsource_CONFIRM |
| https://pony7.fr/ctf:public:32c3:cryptmsg | x_refsource_MISC |
| http://www.openwall.com/lists/oss-security/2016/12/27/8 | mailing-list, x_refsource_MLIST |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/ | vendor-advisory, x_refsource_FEDORA |
| https://github.com/dlitz/pycrypto/issues/176 | x_refsource_CONFIRM |
| http://www.securityfocus.com/bid/95122 | vdb-entry, x_refsource_BID |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/ | vendor-advisory, x_refsource_FEDORA |
| https://security.gentoo.org/glsa/201702-14 | vendor-advisory, x_refsource_GENTOO |
| https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:16.939Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://pony7.fr/ctf:public:32c3:cryptmsg"
},
{
"name": "[oss-security] 20161227 Re: Buffer overflow in pycrypto",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/27/8"
},
{
"name": "FEDORA-2017-7c569d396b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dlitz/pycrypto/issues/176"
},
{
"name": "95122",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95122"
},
{
"name": "FEDORA-2017-08207fe48b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/"
},
{
"name": "GLSA-201702-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/201702-14"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-27T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-06-30T16:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://pony7.fr/ctf:public:32c3:cryptmsg"
},
{
"name": "[oss-security] 20161227 Re: Buffer overflow in pycrypto",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/27/8"
},
{
"name": "FEDORA-2017-7c569d396b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dlitz/pycrypto/issues/176"
},
{
"name": "95122",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95122"
},
{
"name": "FEDORA-2017-08207fe48b",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/"
},
{
"name": "GLSA-201702-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/201702-14"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754"
},
{
"name": "https://pony7.fr/ctf:public:32c3:cryptmsg",
"refsource": "MISC",
"url": "https://pony7.fr/ctf:public:32c3:cryptmsg"
},
{
"name": "[oss-security] 20161227 Re: Buffer overflow in pycrypto",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/27/8"
},
{
"name": "FEDORA-2017-7c569d396b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/"
},
{
"name": "https://github.com/dlitz/pycrypto/issues/176",
"refsource": "CONFIRM",
"url": "https://github.com/dlitz/pycrypto/issues/176"
},
{
"name": "95122",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95122"
},
{
"name": "FEDORA-2017-08207fe48b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/"
},
{
"name": "GLSA-201702-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-14"
},
{
"name": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4",
"refsource": "CONFIRM",
"url": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-7459",
"datePublished": "2017-02-15T15:00:00.000Z",
"dateReserved": "2016-12-27T00:00:00.000Z",
"dateUpdated": "2024-08-06T18:09:16.939Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2013-7459",
"date": "2026-05-19",
"epss": "0.14532",
"percentile": "0.94535"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.6.1\", \"matchCriteriaId\": \"9A04076A-FFA3-48C6-A43D-171C93A38B5A\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"772E9557-A371-4664-AE2D-4135AAEB89AA\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.\"}, {\"lang\": \"es\", \"value\": \"Desbordamiento de b\\u00fafer basado en memoria din\\u00e1mica en la funci\\u00f3n ALGnew en block_templace.c en Python Cryptography Toolkit (tambi\\u00e9n conocido como pycrypto) permite a atacantes remotos ejecutar c\\u00f3digo arbitrario como se demuestra por un par\\u00e1metro iv manipulado para cryptmsg.py.\"}]",
"id": "CVE-2013-7459",
"lastModified": "2024-11-21T02:01:03.513",
"metrics": "{\"cvssMetricV30\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.0\", \"vectorString\": \"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 9.8, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 7.5, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2017-02-15T15:59:00.153",
"references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2016/12/27/8\", \"source\": \"cve@mitre.org\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/95122\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1409754\", \"source\": \"cve@mitre.org\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/dlitz/pycrypto/issues/176\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://pony7.fr/ctf:public:32c3:cryptmsg\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201702-14\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2016/12/27/8\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/95122\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1409754\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": 
\"https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/dlitz/pycrypto/issues/176\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Vendor Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://pony7.fr/ctf:public:32c3:cryptmsg\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Technical Description\", \"Third Party Advisory\"]}, {\"url\": \"https://security.gentoo.org/glsa/201702-14\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2013-7459\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2017-02-15T15:59:00.153\",\"lastModified\":\"2026-05-13T00:24:29.033\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.\"},{\"lang\":\"es\",\"value\":\"Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n ALGnew en block_templace.c en Python Cryptography Toolkit (tambi\u00e9n conocido como pycrypto) permite a atacantes remotos ejecutar c\u00f3digo arbitrario como se demuestra por un par\u00e1metro iv manipulado para cryptmsg.py.\"}],\"metrics\":{\"cvssMetricV30\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.0\",\"vectorString\":\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":9.8,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":7.5,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"d
escription\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.6.1\",\"matchCriteriaId\":\"9A04076A-FFA3-48C6-A43D-171C93A38B5A\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C729D5D1-ED95-443A-9F53-5D7C2FD9B80C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"772E9557-A371-4664-AE2D-4135AAEB89AA\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2016/12/27/8\",\"source\":\"cve@mitre.org\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/95122\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1409754\",\"source\":\"cve@mitre.org\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/dlitz/pycrypto/issues/176\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://pony7.fr/ctf:public:32c3:cryptmsg\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party 
Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201702-14\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2016/12/27/8\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/95122\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1409754\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/dlitz/pycrypto/issues/176\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Vendor Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://pony7.fr/ctf:public:32c3:cryptmsg\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Technical Description\",\"Third Party Advisory\"]},{\"url\":\"https://security.gentoo.org/glsa/201702-14\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2022-AVI-278
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM Spectrum discover. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Discover versions 2.0.4.X ant\u00e9rieures \u00e0 2.0.4.5",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-7751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7751"
},
{
"name": "CVE-2019-20477",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20477"
},
{
"name": "CVE-2020-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
},
{
"name": "CVE-2020-28498",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28498"
},
{
"name": "CVE-2020-8116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8116"
},
{
"name": "CVE-2020-7699",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7699"
},
{
"name": "CVE-2020-14343",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
},
{
"name": "CVE-2020-7720",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7720"
},
{
"name": "CVE-2013-7459",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7459"
},
{
"name": "CVE-2021-23369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23369"
},
{
"name": "CVE-2019-19919",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
},
{
"name": "CVE-2020-13822",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13822"
},
{
"name": "CVE-2020-7608",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7608"
},
{
"name": "CVE-2021-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41092"
},
{
"name": "CVE-2019-20922",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20922"
},
{
"name": "CVE-2018-6594",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6594"
},
{
"name": "CVE-2020-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
},
{
"name": "CVE-2020-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
},
{
"name": "CVE-2019-20920",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20920"
},
{
"name": "CVE-2021-23383",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23383"
},
{
"name": "CVE-2021-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
},
{
"name": "CVE-2022-0122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0122"
},
{
"name": "CVE-2021-43616",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43616"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-278",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-29T00:00:00.000000"
},
{
"description": "ajout avis \u00e9diteur du 31 mars 2022 et CVE CVE-2021-41092",
"revision_date": "2022-04-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Spectrum\ndiscover. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Spectrum discover",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6566889 du 28 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6566889"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6568675 du 31 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6568675"
}
]
}
CERTFR-2022-AVI-278
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans IBM Spectrum discover. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "IBM Spectrum Discover versions 2.0.4.X ant\u00e9rieures \u00e0 2.0.4.5",
"product": {
"name": "Spectrum",
"vendor": {
"name": "IBM",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-7751",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7751"
},
{
"name": "CVE-2019-20477",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20477"
},
{
"name": "CVE-2020-1747",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-1747"
},
{
"name": "CVE-2020-28498",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-28498"
},
{
"name": "CVE-2020-8116",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-8116"
},
{
"name": "CVE-2020-7699",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7699"
},
{
"name": "CVE-2020-14343",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-14343"
},
{
"name": "CVE-2020-7720",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7720"
},
{
"name": "CVE-2013-7459",
"url": "https://www.cve.org/CVERecord?id=CVE-2013-7459"
},
{
"name": "CVE-2021-23369",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23369"
},
{
"name": "CVE-2019-19919",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-19919"
},
{
"name": "CVE-2020-13822",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-13822"
},
{
"name": "CVE-2020-7608",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7608"
},
{
"name": "CVE-2021-41092",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-41092"
},
{
"name": "CVE-2019-20922",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20922"
},
{
"name": "CVE-2018-6594",
"url": "https://www.cve.org/CVERecord?id=CVE-2018-6594"
},
{
"name": "CVE-2020-7660",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-7660"
},
{
"name": "CVE-2020-15366",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-15366"
},
{
"name": "CVE-2019-20920",
"url": "https://www.cve.org/CVERecord?id=CVE-2019-20920"
},
{
"name": "CVE-2021-23383",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-23383"
},
{
"name": "CVE-2021-3918",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-3918"
},
{
"name": "CVE-2022-0122",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0122"
},
{
"name": "CVE-2021-43616",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-43616"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-278",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-03-29T00:00:00.000000"
},
{
"description": "ajout avis \u00e9diteur du 31 mars 2022 et CVE CVE-2021-41092",
"revision_date": "2022-04-04T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans IBM Spectrum\ndiscover. Certaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer\nune ex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0\ndistance et un contournement de la politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans IBM Spectrum discover",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6566889 du 28 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6566889"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 IBM 6568675 du 31 mars 2022",
"url": "https://www.ibm.com/support/pages/node/6568675"
}
]
}
CNVD-2017-00022
Vulnerability from cnvd - Published: 2017-01-03

用户可联系供应商获得补丁信息: https://www.dlitz.net/software/pycrypto/

| Name | PyCrypto PyCrypto |
|---|---|
{
"bids": {
"bid": {
"bidNumber": "95122"
}
},
"cves": {
"cve": {
"cveNumber": "CVE-2013-7459"
}
},
"description": "PyCrypto\u662f\u4e00\u4e2a\u4f7f\u7528Python\u7f16\u5199\u7684\u52a0\u5bc6\u5de5\u5177\u5305\uff0c\u5b83\u5305\u542b\u4e86MD5\u3001AES\u3001DES3\u7b49\u52a0\u5bc6\u7b97\u6cd5\u3002\r\n\r\nPyCrypto\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002",
"discovererName": "Leo Famulari.",
"formalWay": "\u7528\u6237\u53ef\u8054\u7cfb\u4f9b\u5e94\u5546\u83b7\u5f97\u8865\u4e01\u4fe1\u606f\uff1a\r\nhttps://www.dlitz.net/software/pycrypto/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2017-00022",
"openTime": "2017-01-03",
"patchDescription": "PyCrypto\u662f\u4e00\u4e2a\u4f7f\u7528Python\u7f16\u5199\u7684\u52a0\u5bc6\u5de5\u5177\u5305\uff0c\u5b83\u5305\u542b\u4e86MD5\u3001AES\u3001DES3\u7b49\u52a0\u5bc6\u7b97\u6cd5\u3002\r\n\r\nPyCrypto\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u9020\u6210\u62d2\u7edd\u670d\u52a1\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "PyCrypto \u0027cryptmsg.py\u0027\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u7684\u8865\u4e01",
"products": {
"product": "PyCrypto PyCrypto"
},
"referenceLink": "http://www.securityfocus.com/bid/95122",
"serverity": "\u4e2d",
"submitTime": "2016-12-29",
"title": "PyCrypto \u0027cryptmsg.py\u0027\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e"
}
FKIE_CVE-2013-7459
Vulnerability from fkie_nvd - Published: 2017-02-15 15:59 - Updated: 2026-05-13 00:24

| Vendor | Product | Version |
|---|---|---|
| dlitz | pycrypto | * (versionEndIncluding 2.6.1) |
| fedoraproject | fedora | 24 |
| fedoraproject | fedora | 25 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A04076A-FFA3-48C6-A43D-171C93A38B5A",
"versionEndIncluding": "2.6.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
"matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*",
"matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n ALGnew en block_templace.c en Python Cryptography Toolkit (tambi\u00e9n conocido como pycrypto) permite a atacantes remotos ejecutar c\u00f3digo arbitrario como se demuestra por un par\u00e1metro iv manipulado para cryptmsg.py."
}
],
"id": "CVE-2013-7459",
"lastModified": "2026-05-13T00:24:29.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-15T15:59:00.153",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/27/8"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95122"
},
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/dlitz/pycrypto/issues/176"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://pony7.fr/ctf:public:32c3:cryptmsg"
},
{
"source": "cve@mitre.org",
"url": "https://security.gentoo.org/glsa/201702-14"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/27/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/dlitz/pycrypto/issues/176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://pony7.fr/ctf:public:32c3:cryptmsg"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://security.gentoo.org/glsa/201702-14"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
GHSA-CQ27-V7XP-C356
Vulnerability from github – Published: 2018-12-14 18:51 – Updated: 2024-10-18 21:59

Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pycrypto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "2.6.1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2013-7459"
],
"database_specific": {
"cwe_ids": [
"CWE-119"
],
"github_reviewed": true,
"github_reviewed_at": "2020-06-16T21:32:15Z",
"nvd_published_at": null,
"severity": "CRITICAL"
},
"details": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.",
"id": "GHSA-cq27-v7xp-c356",
"modified": "2024-10-18T21:59:58Z",
"published": "2018-12-14T18:51:38Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2013-7459"
},
{
"type": "WEB",
"url": "https://github.com/dlitz/pycrypto/issues/176"
},
{
"type": "WEB",
"url": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-cq27-v7xp-c356"
},
{
"type": "PACKAGE",
"url": "https://github.com/dlitz/pycrypto"
},
{
"type": "WEB",
"url": "https://github.com/pypa/advisory-database/tree/main/vulns/pycrypto/PYSEC-2017-94.yaml"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201702-14"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/12/27/8"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",
"type": "CVSS_V4"
}
],
"summary": "Buffer Overflow in pycrypto"
}
GSD-2013-7459
Vulnerability from gsd - Updated: 2023-12-13 01:22

{
"GSD": {
"alias": "CVE-2013-7459",
"description": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.",
"id": "GSD-2013-7459",
"references": [
"https://www.suse.com/security/cve/CVE-2013-7459.html",
"https://ubuntu.com/security/CVE-2013-7459",
"https://advisories.mageia.org/CVE-2013-7459.html",
"https://alas.aws.amazon.com/cve/html/CVE-2013-7459.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2013-7459"
],
"details": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.",
"id": "GSD-2013-7459",
"modified": "2023-12-13T01:22:18.818653Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7459",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754"
},
{
"name": "https://pony7.fr/ctf:public:32c3:cryptmsg",
"refsource": "MISC",
"url": "https://pony7.fr/ctf:public:32c3:cryptmsg"
},
{
"name": "[oss-security] 20161227 Re: Buffer overflow in pycrypto",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/27/8"
},
{
"name": "FEDORA-2017-7c569d396b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/"
},
{
"name": "https://github.com/dlitz/pycrypto/issues/176",
"refsource": "CONFIRM",
"url": "https://github.com/dlitz/pycrypto/issues/176"
},
{
"name": "95122",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95122"
},
{
"name": "FEDORA-2017-08207fe48b",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/"
},
{
"name": "GLSA-201702-14",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/201702-14"
},
{
"name": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4",
"refsource": "CONFIRM",
"url": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4"
}
]
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "\u003c=2.6.1",
"affected_versions": "All versions up to 2.6.1",
"cvss_v2": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"cvss_v3": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"cwe_ids": [
"CWE-1035",
"CWE-119",
"CWE-78",
"CWE-937"
],
"date": "2021-09-09",
"description": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.",
"fixed_versions": [],
"identifier": "CVE-2013-7459",
"identifiers": [
"GHSA-cq27-v7xp-c356",
"CVE-2013-7459"
],
"not_impacted": "",
"package_slug": "pypi/pycrypto",
"pubdate": "2018-12-14",
"solution": "Unfortunately, there is no solution available yet.",
"title": "Improper Restriction of Operations within the Bounds of a Memory Buffer",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2013-7459",
"https://github.com/dlitz/pycrypto/issues/176",
"https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4",
"https://bugzilla.redhat.com/show_bug.cgi?id=1409754",
"https://github.com/advisories/GHSA-cq27-v7xp-c356",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/",
"https://pony7.fr/ctf:public:32c3:cryptmsg",
"https://security.gentoo.org/glsa/201702-14",
"http://www.openwall.com/lists/oss-security/2016/12/27/8",
"http://www.securityfocus.com/bid/95122"
],
"uuid": "c1961de8-8c07-41d7-94f2-07c1306c2431"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.6.1",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-7459"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://pony7.fr/ctf:public:32c3:cryptmsg",
"refsource": "MISC",
"tags": [
"Exploit",
"Technical Description",
"Third Party Advisory"
],
"url": "https://pony7.fr/ctf:public:32c3:cryptmsg"
},
{
"name": "FEDORA-2017-7c569d396b",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/"
},
{
"name": "FEDORA-2017-08207fe48b",
"refsource": "FEDORA",
"tags": [
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/"
},
{
"name": "https://github.com/dlitz/pycrypto/issues/176",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://github.com/dlitz/pycrypto/issues/176"
},
{
"name": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4",
"refsource": "CONFIRM",
"tags": [
"Patch"
],
"url": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754",
"refsource": "CONFIRM",
"tags": [
"Issue Tracking",
"Third Party Advisory",
"VDB Entry"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754"
},
{
"name": "95122",
"refsource": "BID",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95122"
},
{
"name": "[oss-security] 20161227 Re: Buffer overflow in pycrypto",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/27/8"
},
{
"name": "GLSA-201702-14",
"refsource": "GENTOO",
"tags": [],
"url": "https://security.gentoo.org/glsa/201702-14"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9
}
},
"lastModifiedDate": "2017-07-01T01:29Z",
"publishedDate": "2017-02-15T15:59Z"
}
}
}
PYSEC-2017-94
Vulnerability from pysec - Published: 2017-02-15 15:59 - Updated: 2021-08-27 03:22

Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
| Name | purl |
|---|---|
| pycrypto | pkg:pypi/pycrypto |
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "pycrypto",
"purl": "pkg:pypi/pycrypto"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4"
}
],
"repo": "https://github.com/dlitz/pycrypto",
"type": "GIT"
},
{
"events": [
{
"introduced": "0"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.9a2",
"1.9a5",
"1.9a6",
"2.0",
"2.0.1",
"2.1.0",
"2.2",
"2.3",
"2.4",
"2.4.1",
"2.5",
"2.6",
"2.6.1"
]
}
],
"aliases": [
"CVE-2013-7459",
"GHSA-cq27-v7xp-c356"
],
"details": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.",
"id": "PYSEC-2017-94",
"modified": "2021-08-27T03:22:16.665546Z",
"published": "2017-02-15T15:59:00Z",
"references": [
{
"type": "WEB",
"url": "https://pony7.fr/ctf:public:32c3:cryptmsg"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/"
},
{
"type": "REPORT",
"url": "https://github.com/dlitz/pycrypto/issues/176"
},
{
"type": "FIX",
"url": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4"
},
{
"type": "REPORT",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/95122"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2016/12/27/8"
},
{
"type": "ADVISORY",
"url": "https://security.gentoo.org/glsa/201702-14"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-cq27-v7xp-c356"
}
]
}
SUSE-SU-2017:1744-1
Vulnerability from csaf_suse - Published: 2017-06-30 15:26 - Updated: 2017-06-30 15:26

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ia64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ppc64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pycrypto",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pycrypto fixes the following issues:\n\n- CVE-2013-7459: Fixed a potential heap buffer overflow in ALGnew (bsc#1017420).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "slesctsp3-python-pycrypto-13187,slesctsp4-python-pycrypto-13187",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_1744-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:1744-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171744-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:1744-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SKY7WCHFWKRKAW7PBKT42PXBLVRNISRR/#SKY7WCHFWKRKAW7PBKT42PXBLVRNISRR"
},
{
"category": "self",
"summary": "SUSE Bug 1017420",
"url": "https://bugzilla.suse.com/1017420"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-7459 page",
"url": "https://www.suse.com/security/cve/CVE-2013-7459/"
}
],
"title": "Security update for python-pycrypto",
"tracking": {
"current_release_date": "2017-06-30T15:26:49Z",
"generator": {
"date": "2017-06-30T15:26:49Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:1744-1",
"initial_release_date": "2017-06-30T15:26:49Z",
"revision_history": [
{
"date": "2017-06-30T15:26:49Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-pycrypto-2.6.1-5.1.i586",
"product": {
"name": "python-pycrypto-2.6.1-5.1.i586",
"product_id": "python-pycrypto-2.6.1-5.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pycrypto-2.6.1-5.1.ia64",
"product": {
"name": "python-pycrypto-2.6.1-5.1.ia64",
"product_id": "python-pycrypto-2.6.1-5.1.ia64"
}
}
],
"category": "architecture",
"name": "ia64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pycrypto-2.6.1-5.1.ppc64",
"product": {
"name": "python-pycrypto-2.6.1-5.1.ppc64",
"product_id": "python-pycrypto-2.6.1-5.1.ppc64"
}
}
],
"category": "architecture",
"name": "ppc64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pycrypto-2.6.1-5.1.s390x",
"product": {
"name": "python-pycrypto-2.6.1-5.1.s390x",
"product_id": "python-pycrypto-2.6.1-5.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pycrypto-2.6.1-5.1.x86_64",
"product": {
"name": "python-pycrypto-2.6.1-5.1.x86_64",
"product_id": "python-pycrypto-2.6.1-5.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-clienttools:11:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS",
"product": {
"name": "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS",
"product_identification_helper": {
"cpe": "cpe:/a:suse:sle-clienttools:11:sp4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-5.1.i586 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.i586"
},
"product_reference": "python-pycrypto-2.6.1-5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-5.1.ia64 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ia64"
},
"product_reference": "python-pycrypto-2.6.1-5.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-5.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ppc64"
},
"product_reference": "python-pycrypto-2.6.1-5.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-5.1.s390x as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.s390x"
},
"product_reference": "python-pycrypto-2.6.1-5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS",
"product_id": "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.x86_64"
},
"product_reference": "python-pycrypto-2.6.1-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-5.1.i586 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.i586"
},
"product_reference": "python-pycrypto-2.6.1-5.1.i586",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-5.1.ia64 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ia64"
},
"product_reference": "python-pycrypto-2.6.1-5.1.ia64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-5.1.ppc64 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ppc64"
},
"product_reference": "python-pycrypto-2.6.1-5.1.ppc64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-5.1.s390x as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.s390x"
},
"product_reference": "python-pycrypto-2.6.1-5.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-5.1.x86_64 as component of SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS",
"product_id": "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.x86_64"
},
"product_reference": "python-pycrypto-2.6.1-5.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-7459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-7459"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ia64",
"SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ppc64",
"SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ia64",
"SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-7459",
"url": "https://www.suse.com/security/cve/CVE-2013-7459"
},
{
"category": "external",
"summary": "SUSE Bug 1017420 for CVE-2013-7459",
"url": "https://bugzilla.suse.com/1017420"
},
{
"category": "external",
"summary": "SUSE Bug 1047666 for CVE-2013-7459",
"url": "https://bugzilla.suse.com/1047666"
},
{
"category": "external",
"summary": "SUSE Bug 1087140 for CVE-2013-7459",
"url": "https://bugzilla.suse.com/1087140"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ia64",
"SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ppc64",
"SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ia64",
"SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.i586",
"SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ia64",
"SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ppc64",
"SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.s390x",
"SUSE Linux Enterprise Server 11 SP3-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.x86_64",
"SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.i586",
"SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ia64",
"SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.ppc64",
"SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.s390x",
"SUSE Linux Enterprise Server 11 SP4-CLIENT-TOOLS:python-pycrypto-2.6.1-5.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-06-30T15:26:49Z",
"details": "moderate"
}
],
"title": "CVE-2013-7459"
}
]
}
SUSE-SU-2017:2350-1
Vulnerability from csaf_suse - Published: 2017-09-05 12:41 - Updated: 2017-09-05 12:41

| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Enterprise Storage 3:python-paramiko-1.15.2-2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 3:python-pycrypto-2.6.1-10.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 3:python-pycrypto-2.6.1-10.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:python-pycrypto-2.6.1-10.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Enterprise Storage 4:python-pycrypto-2.6.1-10.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Advanced Systems Management 12:python-pycrypto-2.6.1-10.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Advanced Systems Management 12:python-pycrypto-2.6.1-10.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Advanced Systems Management 12:python-pycrypto-2.6.1-10.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-1.15.2-2.6.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Point of Sale 12 SP2:python-pycrypto-2.6.1-10.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.0:python-pycrypto-2.6.1-10.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.1:python-pycrypto-2.6.1-10.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Proxy 3.1:python-pycrypto-2.6.1-10.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.0:python-pycrypto-2.6.1-10.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.0:python-pycrypto-2.6.1-10.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.1:python-pycrypto-2.6.1-10.3.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.1:python-pycrypto-2.6.1-10.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Manager Server 3.1:python-pycrypto-2.6.1-10.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:python-paramiko-1.15.2-2.3.1.noarch | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 6:python-pycrypto-2.6.1-10.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-pycrypto-2.6.1-10.3.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-pycrypto-2.6.1-10.3.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 7:python-pycrypto-2.6.1-10.3.1.x86_64 | — |
Vendor Fix
|
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for python-pycrypto",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for python-pycrypto fixes the following issues:\n\n- CVE-2013-7459: Fixed a potential heap buffer overflow in ALGnew (bsc#1017420).\n\npython-paramiko was adjusted to work together with this python-pycrypto change. (bsc#1047666)\n\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-CAASP-ALL-2017-1457,SUSE-OpenStack-Cloud-6-2017-1457,SUSE-OpenStack-Cloud-7-2017-1457,SUSE-OpenStack-Cloud-Magnum-Orchestration-7-2017-1457,SUSE-SLE-Manager-Tools-12-2017-1457,SUSE-SLE-Module-Adv-Systems-Management-12-2017-1457,SUSE-SLE-Module-Public-Cloud-12-2017-1457,SUSE-SLE-Module-Web-Scripting-12-2017-1457,SUSE-SLE-POS-12-SP2-2017-1457,SUSE-SUSE-Manager-Proxy-3.0-2017-1457,SUSE-SUSE-Manager-Proxy-3.1-2017-1457,SUSE-SUSE-Manager-Server-3.0-2017-1457,SUSE-SUSE-Manager-Server-3.1-2017-1457,SUSE-Storage-3-2017-1457,SUSE-Storage-4-2017-1457",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2017_2350-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2017:2350-1",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172350-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2017:2350-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2017-September/003184.html"
},
{
"category": "self",
"summary": "SUSE Bug 1017420",
"url": "https://bugzilla.suse.com/1017420"
},
{
"category": "self",
"summary": "SUSE Bug 1047666",
"url": "https://bugzilla.suse.com/1047666"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2013-7459 page",
"url": "https://www.suse.com/security/cve/CVE-2013-7459/"
}
],
"title": "Security update for python-pycrypto",
"tracking": {
"current_release_date": "2017-09-05T12:41:27Z",
"generator": {
"date": "2017-09-05T12:41:27Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2017:2350-1",
"initial_release_date": "2017-09-05T12:41:27Z",
"revision_history": [
{
"date": "2017-09-05T12:41:27Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "python-pycrypto-2.6.1-10.3.1.aarch64",
"product": {
"name": "python-pycrypto-2.6.1-10.3.1.aarch64",
"product_id": "python-pycrypto-2.6.1-10.3.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "python-paramiko-1.15.2-2.3.1.noarch",
"product": {
"name": "python-paramiko-1.15.2-2.3.1.noarch",
"product_id": "python-paramiko-1.15.2-2.3.1.noarch"
}
},
{
"category": "product_version",
"name": "python-paramiko-1.15.2-2.6.1.noarch",
"product": {
"name": "python-paramiko-1.15.2-2.6.1.noarch",
"product_id": "python-paramiko-1.15.2-2.6.1.noarch"
}
}
],
"category": "architecture",
"name": "noarch"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pycrypto-2.6.1-10.3.1.ppc64le",
"product": {
"name": "python-pycrypto-2.6.1-10.3.1.ppc64le",
"product_id": "python-pycrypto-2.6.1-10.3.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pycrypto-2.6.1-10.3.1.s390x",
"product": {
"name": "python-pycrypto-2.6.1-10.3.1.s390x",
"product_id": "python-pycrypto-2.6.1-10.3.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "python-pycrypto-2.6.1-10.3.1.x86_64",
"product": {
"name": "python-pycrypto-2.6.1-10.3.1.x86_64",
"product_id": "python-pycrypto-2.6.1-10.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 6",
"product": {
"name": "SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:6"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 7",
"product": {
"name": "SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:7"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Client Tools 12",
"product": {
"name": "SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12"
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Advanced Systems Management 12",
"product": {
"name": "SUSE Linux Enterprise Module for Advanced Systems Management 12",
"product_id": "SUSE Linux Enterprise Module for Advanced Systems Management 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-adv-systems-management:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product": {
"name": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-public-cloud:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product": {
"name": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-module-web-scripting:12"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Point of Sale 12 SP2",
"product": {
"name": "SUSE Linux Enterprise Point of Sale 12 SP2",
"product_id": "SUSE Linux Enterprise Point of Sale 12 SP2",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle-pos:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 3.0",
"product": {
"name": "SUSE Manager Proxy 3.0",
"product_id": "SUSE Manager Proxy 3.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:3.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Proxy 3.1",
"product": {
"name": "SUSE Manager Proxy 3.1",
"product_id": "SUSE Manager Proxy 3.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-proxy:3.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 3.0",
"product": {
"name": "SUSE Manager Server 3.0",
"product_id": "SUSE Manager Server 3.0",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:3.0"
}
}
},
{
"category": "product_name",
"name": "SUSE Manager Server 3.1",
"product": {
"name": "SUSE Manager Server 3.1",
"product_id": "SUSE Manager Server 3.1",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-manager-server:3.1"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 3",
"product": {
"name": "SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:3"
}
}
},
{
"category": "product_name",
"name": "SUSE Enterprise Storage 4",
"product": {
"name": "SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:ses:4"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-1.15.2-2.3.1.noarch as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:python-paramiko-1.15.2-2.3.1.noarch"
},
"product_reference": "python-paramiko-1.15.2-2.3.1.noarch",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.x86_64 as component of SUSE OpenStack Cloud 6",
"product_id": "SUSE OpenStack Cloud 6:python-pycrypto-2.6.1-10.3.1.x86_64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 6"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.aarch64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-pycrypto-2.6.1-10.3.1.aarch64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.aarch64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.s390x as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-pycrypto-2.6.1-10.3.1.s390x"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.s390x",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.x86_64 as component of SUSE OpenStack Cloud 7",
"product_id": "SUSE OpenStack Cloud 7:python-pycrypto-2.6.1-10.3.1.x86_64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 7"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.aarch64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.aarch64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.aarch64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.ppc64le as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.ppc64le"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.s390x as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.s390x"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.s390x",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.x86_64 as component of SUSE Manager Client Tools 12",
"product_id": "SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.x86_64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.x86_64",
"relates_to_product_reference": "SUSE Manager Client Tools 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.ppc64le as component of SUSE Linux Enterprise Module for Advanced Systems Management 12",
"product_id": "SUSE Linux Enterprise Module for Advanced Systems Management 12:python-pycrypto-2.6.1-10.3.1.ppc64le"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Advanced Systems Management 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.s390x as component of SUSE Linux Enterprise Module for Advanced Systems Management 12",
"product_id": "SUSE Linux Enterprise Module for Advanced Systems Management 12:python-pycrypto-2.6.1-10.3.1.s390x"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Advanced Systems Management 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.x86_64 as component of SUSE Linux Enterprise Module for Advanced Systems Management 12",
"product_id": "SUSE Linux Enterprise Module for Advanced Systems Management 12:python-pycrypto-2.6.1-10.3.1.x86_64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Advanced Systems Management 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-1.15.2-2.6.1.noarch as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-1.15.2-2.6.1.noarch"
},
"product_reference": "python-paramiko-1.15.2-2.6.1.noarch",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.aarch64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.aarch64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.ppc64le as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.ppc64le"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.s390x as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.s390x"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.x86_64 as component of SUSE Linux Enterprise Module for Public Cloud 12",
"product_id": "SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.x86_64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Public Cloud 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.aarch64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.aarch64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.ppc64le as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.ppc64le"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.s390x as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.s390x"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.x86_64 as component of SUSE Linux Enterprise Module for Web and Scripting 12",
"product_id": "SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.x86_64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Module for Web and Scripting 12"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.x86_64 as component of SUSE Linux Enterprise Point of Sale 12 SP2",
"product_id": "SUSE Linux Enterprise Point of Sale 12 SP2:python-pycrypto-2.6.1-10.3.1.x86_64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Point of Sale 12 SP2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.x86_64 as component of SUSE Manager Proxy 3.0",
"product_id": "SUSE Manager Proxy 3.0:python-pycrypto-2.6.1-10.3.1.x86_64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.ppc64le as component of SUSE Manager Proxy 3.1",
"product_id": "SUSE Manager Proxy 3.1:python-pycrypto-2.6.1-10.3.1.ppc64le"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Proxy 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.x86_64 as component of SUSE Manager Proxy 3.1",
"product_id": "SUSE Manager Proxy 3.1:python-pycrypto-2.6.1-10.3.1.x86_64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.x86_64",
"relates_to_product_reference": "SUSE Manager Proxy 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.s390x as component of SUSE Manager Server 3.0",
"product_id": "SUSE Manager Server 3.0:python-pycrypto-2.6.1-10.3.1.s390x"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.x86_64 as component of SUSE Manager Server 3.0",
"product_id": "SUSE Manager Server 3.0:python-pycrypto-2.6.1-10.3.1.x86_64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 3.0"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.ppc64le as component of SUSE Manager Server 3.1",
"product_id": "SUSE Manager Server 3.1:python-pycrypto-2.6.1-10.3.1.ppc64le"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.ppc64le",
"relates_to_product_reference": "SUSE Manager Server 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.s390x as component of SUSE Manager Server 3.1",
"product_id": "SUSE Manager Server 3.1:python-pycrypto-2.6.1-10.3.1.s390x"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.s390x",
"relates_to_product_reference": "SUSE Manager Server 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.x86_64 as component of SUSE Manager Server 3.1",
"product_id": "SUSE Manager Server 3.1:python-pycrypto-2.6.1-10.3.1.x86_64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.x86_64",
"relates_to_product_reference": "SUSE Manager Server 3.1"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-paramiko-1.15.2-2.3.1.noarch as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:python-paramiko-1.15.2-2.3.1.noarch"
},
"product_reference": "python-paramiko-1.15.2-2.3.1.noarch",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.aarch64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:python-pycrypto-2.6.1-10.3.1.aarch64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.x86_64 as component of SUSE Enterprise Storage 3",
"product_id": "SUSE Enterprise Storage 3:python-pycrypto-2.6.1-10.3.1.x86_64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.aarch64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:python-pycrypto-2.6.1-10.3.1.aarch64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.aarch64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "python-pycrypto-2.6.1-10.3.1.x86_64 as component of SUSE Enterprise Storage 4",
"product_id": "SUSE Enterprise Storage 4:python-pycrypto-2.6.1-10.3.1.x86_64"
},
"product_reference": "python-pycrypto-2.6.1-10.3.1.x86_64",
"relates_to_product_reference": "SUSE Enterprise Storage 4"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-7459",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2013-7459"
}
],
"notes": [
{
"category": "general",
"text": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Enterprise Storage 3:python-paramiko-1.15.2-2.3.1.noarch",
"SUSE Enterprise Storage 3:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE Enterprise Storage 3:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Enterprise Storage 4:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE Enterprise Storage 4:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Linux Enterprise Module for Advanced Systems Management 12:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Advanced Systems Management 12:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Linux Enterprise Module for Advanced Systems Management 12:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-1.15.2-2.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Linux Enterprise Point of Sale 12 SP2:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Manager Proxy 3.0:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Manager Proxy 3.1:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Manager Proxy 3.1:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Manager Server 3.0:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Manager Server 3.0:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Manager Server 3.1:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Manager Server 3.1:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Manager Server 3.1:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE OpenStack Cloud 6:python-paramiko-1.15.2-2.3.1.noarch",
"SUSE OpenStack Cloud 6:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE OpenStack Cloud 7:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE OpenStack Cloud 7:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE OpenStack Cloud 7:python-pycrypto-2.6.1-10.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2013-7459",
"url": "https://www.suse.com/security/cve/CVE-2013-7459"
},
{
"category": "external",
"summary": "SUSE Bug 1017420 for CVE-2013-7459",
"url": "https://bugzilla.suse.com/1017420"
},
{
"category": "external",
"summary": "SUSE Bug 1047666 for CVE-2013-7459",
"url": "https://bugzilla.suse.com/1047666"
},
{
"category": "external",
"summary": "SUSE Bug 1087140 for CVE-2013-7459",
"url": "https://bugzilla.suse.com/1087140"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Enterprise Storage 3:python-paramiko-1.15.2-2.3.1.noarch",
"SUSE Enterprise Storage 3:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE Enterprise Storage 3:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Enterprise Storage 4:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE Enterprise Storage 4:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Linux Enterprise Module for Advanced Systems Management 12:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Advanced Systems Management 12:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Linux Enterprise Module for Advanced Systems Management 12:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-1.15.2-2.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Linux Enterprise Point of Sale 12 SP2:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Manager Proxy 3.0:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Manager Proxy 3.1:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Manager Proxy 3.1:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Manager Server 3.0:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Manager Server 3.0:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Manager Server 3.1:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Manager Server 3.1:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Manager Server 3.1:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE OpenStack Cloud 6:python-paramiko-1.15.2-2.3.1.noarch",
"SUSE OpenStack Cloud 6:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE OpenStack Cloud 7:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE OpenStack Cloud 7:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE OpenStack Cloud 7:python-pycrypto-2.6.1-10.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"products": [
"SUSE Enterprise Storage 3:python-paramiko-1.15.2-2.3.1.noarch",
"SUSE Enterprise Storage 3:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE Enterprise Storage 3:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Enterprise Storage 4:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE Enterprise Storage 4:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Linux Enterprise Module for Advanced Systems Management 12:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Advanced Systems Management 12:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Linux Enterprise Module for Advanced Systems Management 12:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Linux Enterprise Module for Public Cloud 12:python-paramiko-1.15.2-2.6.1.noarch",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Linux Enterprise Module for Public Cloud 12:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Linux Enterprise Module for Web and Scripting 12:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Linux Enterprise Point of Sale 12 SP2:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Manager Client Tools 12:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Manager Proxy 3.0:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Manager Proxy 3.1:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Manager Proxy 3.1:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Manager Server 3.0:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Manager Server 3.0:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE Manager Server 3.1:python-pycrypto-2.6.1-10.3.1.ppc64le",
"SUSE Manager Server 3.1:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE Manager Server 3.1:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE OpenStack Cloud 6:python-paramiko-1.15.2-2.3.1.noarch",
"SUSE OpenStack Cloud 6:python-pycrypto-2.6.1-10.3.1.x86_64",
"SUSE OpenStack Cloud 7:python-pycrypto-2.6.1-10.3.1.aarch64",
"SUSE OpenStack Cloud 7:python-pycrypto-2.6.1-10.3.1.s390x",
"SUSE OpenStack Cloud 7:python-pycrypto-2.6.1-10.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2017-09-05T12:41:27Z",
"details": "moderate"
}
],
"title": "CVE-2013-7459"
}
]
}
WID-SEC-W-2024-1441
Vulnerability from csaf_certbund - Published: 2017-02-19 23:00 - Updated: 2024-06-24 22:00
Es existiert eine Schwachstelle in python-crypto. Diese Schwachstelle besteht in der Funktion "ALGnew" in [block_template.c] und wird durch einen Heap-basierten Pufferüberlauf verursacht. Ein entfernter anonymer Angreifer kann diese Schwachstelle mittels eines manipulierten Initialisierungsvektor-Parameters ausnutzen, um einen Denial of Service Zustand herbeizuführen oder beliebigen Code zur Ausführung zu bringen.
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Ubuntu Linux 16.04 LTS (Ubuntu / Linux) | cpe:/o:canonical:ubuntu_linux:16.04_lts | 16.04 LTS | |
| SUSE Linux (SUSE) | cpe:/o:suse:suse_linux:- | — | |
| Ubuntu Linux 16.10 (Ubuntu / Linux) | cpe:/o:canonical:ubuntu_linux:16.10 | 16.1 | |
| Open Source python-crypto (Open Source) | cpe:/a:python:python-crypto:- | — | |
| Ubuntu Linux 14.04 LTS (Ubuntu / Linux) | cpe:/o:canonical:ubuntu_linux:14.04:-:lts | 14.04 LTS | |
| Amazon Linux 2 (Amazon) | cpe:/o:amazon:linux_2:- | — | |
{
"document": {
"aggregate_severity": {
"text": "mittel"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "python-crypto ist eine Sammlung von kryptografischen Algorithmen und Protokollen f\u00fcr die Nutzung in Python.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer Angreifer kann eine Schwachstelle in python-crypto ausnutzen, um beliebigen Programmcode auszuf\u00fchren oder einen Denial of Service Angriff durchzuf\u00fchren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- Linux\n- UNIX",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2024-1441 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2017/wid-sec-w-2024-1441.json"
},
{
"category": "self",
"summary": "WID-SEC-2024-1441 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1441"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3199-1 vom 2017-02-16",
"url": "https://www.ubuntu.com/usn/usn-3199-1/"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3199-2 vom 2017-02-17",
"url": "https://www.ubuntu.com/usn/usn-3199-2/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:1744-1 vom 2017-07-01",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20171744-1.html"
},
{
"category": "external",
"summary": "Ubuntu Security Notice USN-3199-3 vom 2017-08-28",
"url": "http://www.ubuntu.com/usn/usn-3199-3/"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2350-1 vom 2017-09-05",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172350-1.html"
},
{
"category": "external",
"summary": "SUSE Security Update SUSE-SU-2017:2470-1 vom 2017-09-15",
"url": "https://www.suse.com/support/update/announcement/2017/suse-su-20172470-1.html"
},
{
"category": "external",
"summary": "Amazon Linux Security Advisory ALASANSIBLE2-2024-011 vom 2024-06-25",
"url": "https://alas.aws.amazon.com/AL2/ALASANSIBLE2-2024-011.html"
}
],
"source_lang": "en-US",
"title": "Python-crypto: Schwachstelle erm\u00f6glicht Ausf\u00fchren von beliebigem Programmcode",
"tracking": {
"current_release_date": "2024-06-24T22:00:00.000+00:00",
"generator": {
"date": "2024-08-15T18:10:30.473+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.3.5"
}
},
"id": "WID-SEC-W-2024-1441",
"initial_release_date": "2017-02-19T23:00:00.000+00:00",
"revision_history": [
{
"date": "2017-02-19T23:00:00.000+00:00",
"number": "1",
"summary": "Initial Release"
},
{
"date": "2017-02-19T23:00:00.000+00:00",
"number": "2",
"summary": "Version nicht vorhanden"
},
{
"date": "2017-07-02T22:00:00.000+00:00",
"number": "3",
"summary": "New remediations available"
},
{
"date": "2017-08-28T22:00:00.000+00:00",
"number": "4",
"summary": "New remediations available"
},
{
"date": "2017-09-05T22:00:00.000+00:00",
"number": "5",
"summary": "New remediations available"
},
{
"date": "2017-09-14T22:00:00.000+00:00",
"number": "6",
"summary": "New remediations available"
},
{
"date": "2024-06-24T22:00:00.000+00:00",
"number": "7",
"summary": "Neue Updates von Amazon aufgenommen"
}
],
"status": "final",
"version": "7"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Amazon Linux 2",
"product": {
"name": "Amazon Linux 2",
"product_id": "398363",
"product_identification_helper": {
"cpe": "cpe:/o:amazon:linux_2:-"
}
}
}
],
"category": "vendor",
"name": "Amazon"
},
{
"branches": [
{
"category": "product_name",
"name": "Open Source python-crypto",
"product": {
"name": "Open Source python-crypto",
"product_id": "T009407",
"product_identification_helper": {
"cpe": "cpe:/a:python:python-crypto:-"
}
}
}
],
"category": "vendor",
"name": "Open Source"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux",
"product": {
"name": "SUSE Linux",
"product_id": "T002207",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse_linux:-"
}
}
}
],
"category": "vendor",
"name": "SUSE"
},
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "14.04 LTS",
"product": {
"name": "Ubuntu Linux 14.04 LTS",
"product_id": "T003005",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:14.04:-:lts"
}
}
},
{
"category": "product_version",
"name": "16.04 LTS",
"product": {
"name": "Ubuntu Linux 16.04 LTS",
"product_id": "T007521",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:16.04_lts"
}
}
},
{
"category": "product_version",
"name": "16.1",
"product": {
"name": "Ubuntu Linux 16.10",
"product_id": "T008726",
"product_identification_helper": {
"cpe": "cpe:/o:canonical:ubuntu_linux:16.10"
}
}
}
],
"category": "product_name",
"name": "Linux"
}
],
"category": "vendor",
"name": "Ubuntu"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2013-7459",
"notes": [
{
"category": "description",
"text": "Es existiert eine Schwachstelle in python-crypto. Diese Schwachstelle besteht in der Funktion \"ALGnew\" in [block_template.c] und wird durch einen Heap-basierten Puffer\u00fcberlauf verursacht. Ein entfernter anonymer Angreifer kann diese Schwachstelle mittels eines manipulierten Initialisierungsvektor-Parameters ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren oder beliebigen Code zur Ausf\u00fchrung zu bringen."
}
],
"product_status": {
"known_affected": [
"T007521",
"T002207",
"T008726",
"T009407",
"T003005",
"398363"
]
},
"release_date": "2017-02-19T23:00:00.000+00:00",
"title": "CVE-2013-7459"
}
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.