Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-stxq-tcuq-aud6

Summary lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

Aliases

alias	CVE-2018-6594

alias	GHSA-6528-wvf6-f6qg

alias	PYSEC-2018-97

Fixed_packages

Affected_packages

url pkg:pypi/pycrypto@2.6.1

purl pkg:pypi/pycrypto@2.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-af5m-veyp-cugm

vulnerability	VCID-stxq-tcuq-aud6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@2.6.1

References

reference_url	https://github.com/advisories/GHSA-6528-wvf6-f6qg
reference_id
reference_type
scores
url	https://github.com/advisories/GHSA-6528-wvf6-f6qg

reference_url	https://github.com/dlitz/pycrypto
reference_id
reference_type
scores
url	https://github.com/dlitz/pycrypto

reference_url	https://github.com/dlitz/pycrypto/issues/253
reference_id
reference_type
scores
url	https://github.com/dlitz/pycrypto/issues/253

reference_url	https://github.com/pypa/advisory-database/tree/main/vulns/pycrypto/PYSEC-2018-97.yaml
reference_id
reference_type
scores
url	https://github.com/pypa/advisory-database/tree/main/vulns/pycrypto/PYSEC-2018-97.yaml

reference_url	https://github.com/TElgamal/attack-on-pycrypto-elgamal
reference_id
reference_type
scores
url	https://github.com/TElgamal/attack-on-pycrypto-elgamal

reference_url	https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html
reference_id
reference_type
scores
url	https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html

reference_url	https://security.gentoo.org/glsa/202007-62
reference_id
reference_type
scores
url	https://security.gentoo.org/glsa/202007-62

reference_url	https://usn.ubuntu.com/3616-1
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3616-1

reference_url	https://usn.ubuntu.com/3616-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3616-1/

reference_url	https://usn.ubuntu.com/3616-2
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3616-2

reference_url	https://usn.ubuntu.com/3616-2/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3616-2/

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-6594
reference_id	CVE-2018-6594
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-6594

Weaknesses

cwe_id	326
name	Inadequate Encryption Strength
description	The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-stxq-tcuq-aud6

Vulnerability Instance