Vulnerabilities related to dlitz - pycrypto
Vulnerability from fkie_nvd
Published
2018-02-03 15:29
Modified
2024-11-21 04:10
Summary
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in the face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dlitz | pycrypto | * | |
debian | debian_linux | 7.0 | |
canonical | ubuntu_linux | 12.04 | |
canonical | ubuntu_linux | 14.04 | |
canonical | ubuntu_linux | 16.04 | |
canonical | ubuntu_linux | 17.10 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A04076A-FFA3-48C6-A43D-171C93A38B5A", "versionEndIncluding": "2.6.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:esm:*:*:*", "matchCriteriaId": "8D305F7A-D159-4716-AB26-5E38BB5CD991", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true }, { "criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "matchCriteriaId": "9070C9D8-A14A-467F-8253-33B966C16886", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto\u0027s ElGamal implementation." }, { "lang": "es", "value": "lib/Crypto/PublicKey/ElGamal.py en PyCrypto hasta la versi\u00f3n 2.6.1 genera par\u00e1metros de clave ElGamal d\u00e9biles, lo que permite que atacantes remotos obtengan informaci\u00f3n sensible mediante la lectura de datos en texto cifrado (p.ej., no tiene seguridad sem\u00e1ntica a la hora de enfrentarse a un ataque solo en texto cifrado). 
La hip\u00f3tesis DDH (Decisional Diffie-Hellman) no soporta la implementaci\u00f3n ElGamal de PyCrypto." } ], "id": "CVE-2018-6594", "lastModified": "2024-11-21T04:10:57.897", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2018-02-03T15:29:00.653", "references": [ { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TElgamal/attack-on-pycrypto-elgamal" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/dlitz/pycrypto/issues/253" }, { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202007-62" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3616-1/" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory" ], "url": 
"https://usn.ubuntu.com/3616-2/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://github.com/TElgamal/attack-on-pycrypto-elgamal" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Issue Tracking", "Third Party Advisory" ], "url": "https://github.com/dlitz/pycrypto/issues/253" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://security.gentoo.org/glsa/202007-62" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3616-1/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory" ], "url": "https://usn.ubuntu.com/3616-2/" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-326" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2017-02-15 15:59
Modified
2025-04-20 01:37
Summary
Heap-based buffer overflow in the ALGnew function in block_template.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code, as demonstrated by a crafted iv parameter to cryptmsg.py.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dlitz | pycrypto | * | |
fedoraproject | fedora | 24 | |
fedoraproject | fedora | 25 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*", "matchCriteriaId": "9A04076A-FFA3-48C6-A43D-171C93A38B5A", "versionEndIncluding": "2.6.1", "vulnerable": true } ], "negate": false, "operator": "OR" } ] }, { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*", "matchCriteriaId": "C729D5D1-ED95-443A-9F53-5D7C2FD9B80C", "vulnerable": true }, { "criteria": "cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*", "matchCriteriaId": "772E9557-A371-4664-AE2D-4135AAEB89AA", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py." }, { "lang": "es", "value": "Desbordamiento de b\u00fafer basado en memoria din\u00e1mica en la funci\u00f3n ALGnew en block_templace.c en Python Cryptography Toolkit (tambi\u00e9n conocido como pycrypto) permite a atacantes remotos ejecutar c\u00f3digo arbitrario como se demuestra por un par\u00e1metro iv manipulado para cryptmsg.py." 
} ], "id": "CVE-2013-7459", "lastModified": "2025-04-20T01:37:25.860", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ], "cvssMetricV30": [ { "cvssData": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary" } ] }, "published": "2017-02-15T15:59:00.153", "references": [ { "source": "cve@mitre.org", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/27/8" }, { "source": "cve@mitre.org", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95122" }, { "source": "cve@mitre.org", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754" }, { "source": "cve@mitre.org", "tags": [ "Patch" ], "url": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4" }, { "source": "cve@mitre.org", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/dlitz/pycrypto/issues/176" }, { "source": "cve@mitre.org", "url": 
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/" }, { "source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Technical Description", "Third Party Advisory" ], "url": "https://pony7.fr/ctf:public:32c3:cryptmsg" }, { "source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/201702-14" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Mailing List", "Third Party Advisory" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/27/8" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Third Party Advisory", "VDB Entry" ], "url": "http://www.securityfocus.com/bid/95122" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Issue Tracking", "Third Party Advisory", "VDB Entry" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch" ], "url": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Patch", "Vendor Advisory" ], "url": "https://github.com/dlitz/pycrypto/issues/176" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Technical Description", "Third Party Advisory" ], "url": "https://pony7.fr/ctf:public:32c3:cryptmsg" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": 
"https://security.gentoo.org/glsa/201702-14" } ], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-119" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2013-10-26 17:55
Modified
2025-04-11 00:51
Summary
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
References
Impacted products
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*", "matchCriteriaId": "56F4166A-4664-4AE0-ACAF-2B9C05E9B408", "versionEndIncluding": "2.6", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF4C8BD3-24B8-4175-8D56-C870426EB797", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "32A09EC4-6F0F-4C33-991E-80C739B823AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CCC2E0E-2253-49B8-9E42-391CD50D8D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "24212CF8-4729-41AA-8293-1A81BC35928C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D317E0F-C1E0-4D7E-9001-FC1896280452", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "891D98BD-DC0B-4A62-B2E9-7FB6598AE024", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8472A7E3-F0C1-43F0-9B65-81041F62912C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "422198F6-1891-4D61-941A-DEF803BFDE24", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "94A14599-F0E0-4A41-91F0-4E2AABF6164D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF8CFA40-2AB0-4E13-BDE9-966095C034B5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "6D081C1E-301A-45D5-960B-E0F661646DEC", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number 
generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process." }, { "lang": "es", "value": "La funci\u00f3n Crypto.Random.atfork en PyCrypto anterior a 2.6.1 no reestablece correctamente la semilla en el generador de n\u00fameros pseudoaleatorios (PRNG) antes de permitir el acceso a un proceso hijo, lo cual facilita a atacantes dependientes del contexto obtener informaci\u00f3n sensible provocando una condici\u00f3n de carrera en la cual un proceso hijo es creado y accede el PRNG con el mismo l\u00edmite de periodo que otro proceso." } ], "id": "CVE-2013-1445", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2013-10-26T17:55:03.027", "references": [ { "source": "security@debian.org", "url": "http://www.debian.org/security/2013/dsa-2781" }, { "source": "security@debian.org", "tags": [ "Exploit", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2013/10/17/3" }, { "source": "security@debian.org", "tags": [ "Exploit" ], "url": "https://github.com/dlitz/pycrypto/commit/19dcf7b15d61b7dc1a125a367151de40df6ef175" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2013/dsa-2781" }, { "source": 
"af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "http://www.openwall.com/lists/oss-security/2013/10/17/3" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit" ], "url": "https://github.com/dlitz/pycrypto/commit/19dcf7b15d61b7dc1a125a367151de40df6ef175" } ], "sourceIdentifier": "security@debian.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
Vulnerability from fkie_nvd
Published
2012-06-17 03:41
Modified
2025-04-11 00:51
Summary
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
dlitz | pycrypto | * | |
dlitz | pycrypto | 1.0.0 | |
dlitz | pycrypto | 1.0.1 | |
dlitz | pycrypto | 1.0.2 | |
dlitz | pycrypto | 1.1 | |
dlitz | pycrypto | 1.9 | |
dlitz | pycrypto | 1.9 | |
dlitz | pycrypto | 1.9 | |
dlitz | pycrypto | 1.9 | |
dlitz | pycrypto | 1.9 | |
dlitz | pycrypto | 1.9 | |
dlitz | pycrypto | 2.0 | |
dlitz | pycrypto | 2.0.1 | |
dlitz | pycrypto | 2.1.0 | |
dlitz | pycrypto | 2.1.0 | |
dlitz | pycrypto | 2.1.0 | |
dlitz | pycrypto | 2.1.0 | |
dlitz | pycrypto | 2.2 | |
dlitz | pycrypto | 2.3 | |
dlitz | pycrypto | 2.4 | |
dlitz | pycrypto | 2.4.1 |
{ "configurations": [ { "nodes": [ { "cpeMatch": [ { "criteria": "cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*", "matchCriteriaId": "0F321706-6D4D-4735-A12D-12053A46AA4A", "versionEndIncluding": "2.5", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF4C8BD3-24B8-4175-8D56-C870426EB797", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "32A09EC4-6F0F-4C33-991E-80C739B823AA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "2CCC2E0E-2253-49B8-9E42-391CD50D8D12", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:1.1:alpha2:*:*:*:*:*:*", "matchCriteriaId": "CF21F7F0-84D8-44C9-99B5-CE98B58D3AB0", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha1:*:*:*:*:*:*", "matchCriteriaId": "8C16BEF3-223C-4B45-A18B-D7A02AEDC996", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha2:*:*:*:*:*:*", "matchCriteriaId": "17269B2D-6DC5-4461-9B5E-C2117B64BE8E", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha3:*:*:*:*:*:*", "matchCriteriaId": "8D987E42-7693-432F-8763-7E61370DB855", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha4:*:*:*:*:*:*", "matchCriteriaId": "1F10AF89-1388-4C90-878F-80FFB2FB8433", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha5:*:*:*:*:*:*", "matchCriteriaId": "0AEF75BE-5255-4A0E-9CF3-1DBBDF08A265", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha6:*:*:*:*:*:*", "matchCriteriaId": "C238EDF9-FC34-4438-B081-DFE7388EC2D9", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "24212CF8-4729-41AA-8293-1A81BC35928C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "8D317E0F-C1E0-4D7E-9001-FC1896280452", "vulnerable": true }, { "criteria": 
"cpe:2.3:a:dlitz:pycrypto:2.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "891D98BD-DC0B-4A62-B2E9-7FB6598AE024", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "52F16830-AD76-4154-88F5-087C32FD6237", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "C0437CCF-1216-419A-86F5-BD0383E69DF8", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "50B9564B-7382-481F-8CDE-B1F5224B4FCA", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8472A7E3-F0C1-43F0-9B65-81041F62912C", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.3:*:*:*:*:*:*:*", "matchCriteriaId": "422198F6-1891-4D61-941A-DEF803BFDE24", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.4:*:*:*:*:*:*:*", "matchCriteriaId": "94A14599-F0E0-4A41-91F0-4E2AABF6164D", "vulnerable": true }, { "criteria": "cpe:2.3:a:dlitz:pycrypto:2.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "EF8CFA40-2AB0-4E13-BDE9-966095C034B5", "vulnerable": true } ], "negate": false, "operator": "OR" } ] } ], "cveTags": [], "descriptions": [ { "lang": "en", "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key." }, { "lang": "es", "value": "Pycrypto anterior a v2.6 no genera adecuadamente los n\u00fameros primos cuando se utiliza un esquema basado en ElGamal para generar una clave, lo que reduce el espacio de la firma o el espacio de claves p\u00fablica y hace m\u00e1s f\u00e1cil para los atacantes para llevar a cabo ataques de fuerza bruta para obtener la clave privada." 
} ], "id": "CVE-2012-2417", "lastModified": "2025-04-11T00:51:21.963", "metrics": { "cvssMetricV2": [ { "acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0" }, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false } ] }, "published": "2012-06-17T03:41:40.763", "references": [ { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html" }, { "source": "cve@mitre.org", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html" }, { "source": "cve@mitre.org", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49263" }, { "source": "cve@mitre.org", "url": "http://www.debian.org/security/2012/dsa-2502" }, { "source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117" }, { "source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1" }, { "source": "cve@mitre.org", "url": "http://www.osvdb.org/82279" }, { "source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/53687" }, { "source": "cve@mitre.org", "url": "https://bugs.launchpad.net/pycrypto/+bug/985164" }, { "source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871" }, { "source": "cve@mitre.org", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2" }, { "source": "cve@mitre.org", "url": 
"https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog" }, { "source": "cve@mitre.org", "url": "https://hermes.opensuse.org/messages/15083589" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Vendor Advisory" ], "url": "http://secunia.com/advisories/49263" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2502" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/82279" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/53687" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugs.launchpad.net/pycrypto/+bug/985164" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "tags": [ "Exploit", "Patch" ], "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog" }, { "source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://hermes.opensuse.org/messages/15083589" } ], "sourceIdentifier": 
"cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [ { "description": [ { "lang": "en", "value": "CWE-310" } ], "source": "nvd@nist.gov", "type": "Primary" } ] }
CVE-2013-1445 (GCVE-0-2013-1445)
Vulnerability from cvelistv5
Published
2013-10-26 17:00
Modified
2024-09-16 16:43
CWE
- n/a
Summary
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
References
▼ | URL | Tags |
---|---|---|
https://github.com/dlitz/pycrypto/commit/19dcf7b15d61b7dc1a125a367151de40df6ef175 | x_refsource_CONFIRM | |
http://www.openwall.com/lists/oss-security/2013/10/17/3 | mailing-list, x_refsource_MLIST | |
http://www.debian.org/security/2013/dsa-2781 | vendor-advisory, x_refsource_DEBIAN |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T15:04:48.426Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/dlitz/pycrypto/commit/19dcf7b15d61b7dc1a125a367151de40df6ef175" }, { "name": "[oss-security] 20131017 CVE-2013-1445 python-crypto:PRNG not correctly reseeded in some situations", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2013/10/17/3" }, { "name": "DSA-2781", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2013/dsa-2781" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "descriptions": [ { "lang": "en", "value": "The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2013-10-26T17:00:00Z", "orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "shortName": "debian" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/dlitz/pycrypto/commit/19dcf7b15d61b7dc1a125a367151de40df6ef175" }, { "name": "[oss-security] 20131017 CVE-2013-1445 python-crypto:PRNG not correctly reseeded in some situations", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2013/10/17/3" }, { "name": "DSA-2781", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2013/dsa-2781" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security@debian.org", "ID": "CVE-2013-1445", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/dlitz/pycrypto/commit/19dcf7b15d61b7dc1a125a367151de40df6ef175", "refsource": "CONFIRM", "url": "https://github.com/dlitz/pycrypto/commit/19dcf7b15d61b7dc1a125a367151de40df6ef175" }, { "name": "[oss-security] 20131017 CVE-2013-1445 python-crypto:PRNG not correctly reseeded in some situations", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2013/10/17/3" }, { "name": "DSA-2781", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2013/dsa-2781" } ] } } } }, "cveMetadata": { "assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5", "assignerShortName": "debian", "cveId": "CVE-2013-1445", "datePublished": "2013-10-26T17:00:00Z", "dateReserved": "2013-01-26T00:00:00Z", "dateUpdated": "2024-09-16T16:43:18.789Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2012-2417 (GCVE-0-2012-2417)
Vulnerability from cvelistv5
Published
2012-06-17 01:00
Modified
2024-08-06 19:34
CWE
- n/a
Summary
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.
References
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T19:34:25.430Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "DSA-2502", "tags": [ "vendor-advisory", "x_refsource_DEBIAN", "x_transferred" ], "url": "http://www.debian.org/security/2012/dsa-2502" }, { "name": "82279", "tags": [ "vdb-entry", "x_refsource_OSVDB", "x_transferred" ], "url": "http://www.osvdb.org/82279" }, { "name": "FEDORA-2012-8470", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2" }, { "name": "MDVSA-2012:117", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA", "x_transferred" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117" }, { "name": "53687", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/53687" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://bugs.launchpad.net/pycrypto/+bug/985164" }, { "name": "FEDORA-2012-8392", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html" }, { "name": "49263", "tags": [ "third-party-advisory", "x_refsource_SECUNIA", "x_transferred" ], "url": "http://secunia.com/advisories/49263" }, { "name": "FEDORA-2012-8490", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html" }, { "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1" }, { "name": 
"openSUSE-SU-2012:0830", "tags": [ "vendor-advisory", "x_refsource_SUSE", "x_transferred" ], "url": "https://hermes.opensuse.org/messages/15083589" }, { "name": "pycrypto-keys-weak-security(75871)", "tags": [ "vdb-entry", "x_refsource_XF", "x_transferred" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2012-04-18T00:00:00", "descriptions": [ { "lang": "en", "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-08-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "name": "DSA-2502", "tags": [ "vendor-advisory", "x_refsource_DEBIAN" ], "url": "http://www.debian.org/security/2012/dsa-2502" }, { "name": "82279", "tags": [ "vdb-entry", "x_refsource_OSVDB" ], "url": "http://www.osvdb.org/82279" }, { "name": "FEDORA-2012-8470", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2" }, { "name": "MDVSA-2012:117", "tags": [ "vendor-advisory", "x_refsource_MANDRIVA" ], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117" }, { "name": "53687", "tags": [ "vdb-entry", 
"x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/53687" }, { "tags": [ "x_refsource_MISC" ], "url": "https://bugs.launchpad.net/pycrypto/+bug/985164" }, { "name": "FEDORA-2012-8392", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html" }, { "name": "49263", "tags": [ "third-party-advisory", "x_refsource_SECUNIA" ], "url": "http://secunia.com/advisories/49263" }, { "name": "FEDORA-2012-8490", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html" }, { "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1" }, { "name": "openSUSE-SU-2012:0830", "tags": [ "vendor-advisory", "x_refsource_SUSE" ], "url": "https://hermes.opensuse.org/messages/15083589" }, { "name": "pycrypto-keys-weak-security(75871)", "tags": [ "vdb-entry", "x_refsource_XF" ], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2012-2417", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain 
the private key." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "DSA-2502", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2012/dsa-2502" }, { "name": "82279", "refsource": "OSVDB", "url": "http://www.osvdb.org/82279" }, { "name": "FEDORA-2012-8470", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html" }, { "name": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2", "refsource": "MISC", "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2" }, { "name": "MDVSA-2012:117", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117" }, { "name": "53687", "refsource": "BID", "url": "http://www.securityfocus.com/bid/53687" }, { "name": "https://bugs.launchpad.net/pycrypto/+bug/985164", "refsource": "MISC", "url": "https://bugs.launchpad.net/pycrypto/+bug/985164" }, { "name": "FEDORA-2012-8392", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html" }, { "name": "49263", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/49263" }, { "name": "FEDORA-2012-8490", "refsource": "FEDORA", "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html" }, { "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1" }, { "name": "openSUSE-SU-2012:0830", "refsource": "SUSE", "url": "https://hermes.opensuse.org/messages/15083589" }, { "name": "pycrypto-keys-weak-security(75871)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871" }, { "name": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog", 
"refsource": "CONFIRM", "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2012-2417", "datePublished": "2012-06-17T01:00:00", "dateReserved": "2012-04-24T00:00:00", "dateUpdated": "2024-08-06T19:34:25.430Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2013-7459 (GCVE-0-2013-7459)
Vulnerability from cvelistv5
Published
2017-02-15 15:00
Modified
2024-08-06 18:09
CWE
- n/a
Summary
Heap-based buffer overflow in the ALGnew function in block_templace.c (sic; the file in the pycrypto source tree is src/block_template.c) in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
References
▼ | URL | Tags |
---|---|---|
https://bugzilla.redhat.com/show_bug.cgi?id=1409754 | x_refsource_CONFIRM | |
https://pony7.fr/ctf:public:32c3:cryptmsg | x_refsource_MISC | |
http://www.openwall.com/lists/oss-security/2016/12/27/8 | mailing-list, x_refsource_MLIST | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/ | vendor-advisory, x_refsource_FEDORA | |
https://github.com/dlitz/pycrypto/issues/176 | x_refsource_CONFIRM | |
http://www.securityfocus.com/bid/95122 | vdb-entry, x_refsource_BID | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/ | vendor-advisory, x_refsource_FEDORA | |
https://security.gentoo.org/glsa/201702-14 | vendor-advisory, x_refsource_GENTOO | |
https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 | x_refsource_CONFIRM |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-06T18:09:16.939Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://pony7.fr/ctf:public:32c3:cryptmsg" }, { "name": "[oss-security] 20161227 Re: Buffer overflow in pycrypto", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/27/8" }, { "name": "FEDORA-2017-7c569d396b", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/dlitz/pycrypto/issues/176" }, { "name": "95122", "tags": [ "vdb-entry", "x_refsource_BID", "x_transferred" ], "url": "http://www.securityfocus.com/bid/95122" }, { "name": "FEDORA-2017-08207fe48b", "tags": [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/" }, { "name": "GLSA-201702-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/201702-14" }, { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2016-12-27T00:00:00", "descriptions": [ { "lang": "en", "value": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka 
pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py." } ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2017-06-30T16:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754" }, { "tags": [ "x_refsource_MISC" ], "url": "https://pony7.fr/ctf:public:32c3:cryptmsg" }, { "name": "[oss-security] 20161227 Re: Buffer overflow in pycrypto", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "http://www.openwall.com/lists/oss-security/2016/12/27/8" }, { "name": "FEDORA-2017-7c569d396b", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/dlitz/pycrypto/issues/176" }, { "name": "95122", "tags": [ "vdb-entry", "x_refsource_BID" ], "url": "http://www.securityfocus.com/bid/95122" }, { "name": "FEDORA-2017-08207fe48b", "tags": [ "vendor-advisory", "x_refsource_FEDORA" ], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/" }, { "name": "GLSA-201702-14", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/201702-14" }, { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-7459", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } 
}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py." } ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754", "refsource": "CONFIRM", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1409754" }, { "name": "https://pony7.fr/ctf:public:32c3:cryptmsg", "refsource": "MISC", "url": "https://pony7.fr/ctf:public:32c3:cryptmsg" }, { "name": "[oss-security] 20161227 Re: Buffer overflow in pycrypto", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/12/27/8" }, { "name": "FEDORA-2017-7c569d396b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/" }, { "name": "https://github.com/dlitz/pycrypto/issues/176", "refsource": "CONFIRM", "url": "https://github.com/dlitz/pycrypto/issues/176" }, { "name": "95122", "refsource": "BID", "url": "http://www.securityfocus.com/bid/95122" }, { "name": "FEDORA-2017-08207fe48b", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/" }, { "name": "GLSA-201702-14", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201702-14" }, { "name": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4", "refsource": "CONFIRM", "url": "https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": 
"mitre", "cveId": "CVE-2013-7459", "datePublished": "2017-02-15T15:00:00", "dateReserved": "2016-12-27T00:00:00", "dateUpdated": "2024-08-06T18:09:16.939Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
CVE-2018-6594 (GCVE-0-2018-6594)
Vulnerability from cvelistv5
Published
2018-02-03 03:00
Modified
2024-08-05 06:10
CWE
- n/a
Summary
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.
References
▼ | URL | Tags |
---|---|---|
https://github.com/TElgamal/attack-on-pycrypto-elgamal | x_refsource_MISC | |
https://usn.ubuntu.com/3616-1/ | vendor-advisory, x_refsource_UBUNTU | |
https://github.com/dlitz/pycrypto/issues/253 | x_refsource_MISC | |
https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html | mailing-list, x_refsource_MLIST | |
https://usn.ubuntu.com/3616-2/ | vendor-advisory, x_refsource_UBUNTU | |
https://security.gentoo.org/glsa/202007-62 | vendor-advisory, x_refsource_GENTOO |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-05T06:10:10.652Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/TElgamal/attack-on-pycrypto-elgamal" }, { "name": "USN-3616-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3616-1/" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/dlitz/pycrypto/issues/253" }, { "name": "[debian-lts-announce] 20180215 [SECURITY] [DLA 1283-1] python-crypto security update", "tags": [ "mailing-list", "x_refsource_MLIST", "x_transferred" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html" }, { "name": "USN-3616-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU", "x_transferred" ], "url": "https://usn.ubuntu.com/3616-2/" }, { "name": "GLSA-202007-62", "tags": [ "vendor-advisory", "x_refsource_GENTOO", "x_transferred" ], "url": "https://security.gentoo.org/glsa/202007-62" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "n/a", "vendor": "n/a", "versions": [ { "status": "affected", "version": "n/a" } ] } ], "datePublic": "2018-02-02T00:00:00", "descriptions": [ { "lang": "en", "value": "lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto\u0027s ElGamal implementation." 
} ], "problemTypes": [ { "descriptions": [ { "description": "n/a", "lang": "en", "type": "text" } ] } ], "providerMetadata": { "dateUpdated": "2020-07-31T18:06:05", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre" }, "references": [ { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/TElgamal/attack-on-pycrypto-elgamal" }, { "name": "USN-3616-1", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3616-1/" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/dlitz/pycrypto/issues/253" }, { "name": "[debian-lts-announce] 20180215 [SECURITY] [DLA 1283-1] python-crypto security update", "tags": [ "mailing-list", "x_refsource_MLIST" ], "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html" }, { "name": "USN-3616-2", "tags": [ "vendor-advisory", "x_refsource_UBUNTU" ], "url": "https://usn.ubuntu.com/3616-2/" }, { "name": "GLSA-202007-62", "tags": [ "vendor-advisory", "x_refsource_GENTOO" ], "url": "https://security.gentoo.org/glsa/202007-62" } ], "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-6594", "STATE": "PUBLIC" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "n/a", "version": { "version_data": [ { "version_value": "n/a" } ] } } ] }, "vendor_name": "n/a" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto\u0027s ElGamal implementation." 
} ] }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "n/a" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/TElgamal/attack-on-pycrypto-elgamal", "refsource": "MISC", "url": "https://github.com/TElgamal/attack-on-pycrypto-elgamal" }, { "name": "USN-3616-1", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3616-1/" }, { "name": "https://github.com/dlitz/pycrypto/issues/253", "refsource": "MISC", "url": "https://github.com/dlitz/pycrypto/issues/253" }, { "name": "[debian-lts-announce] 20180215 [SECURITY] [DLA 1283-1] python-crypto security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html" }, { "name": "USN-3616-2", "refsource": "UBUNTU", "url": "https://usn.ubuntu.com/3616-2/" }, { "name": "GLSA-202007-62", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202007-62" } ] } } } }, "cveMetadata": { "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-6594", "datePublished": "2018-02-03T03:00:00", "dateReserved": "2018-02-02T00:00:00", "dateUpdated": "2024-08-05T06:10:10.652Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }