dlitz PyCrypto 2.0

CPE Details

dlitz PyCrypto 2.0
dlitz
pycrypto
2.0
2012-06-18
18h57 +00:00
2012-10-26
18h51 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*

Informations

Vendor

dlitz

Product

pycrypto

Version

2.0

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2018-6594 2018-02-03 02h00 +00:00 lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.
7.5
High
CVE-2013-7459 2017-02-15 14h00 +00:00 Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
9.8
Critical
CVE-2013-1445 2013-10-26 17h00 +00:00 The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
4.3
CVE-2012-2417 2012-06-16 23h00 +00:00 PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.
4.3