Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-gg52-nkc5-4ff1

Summary lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

Aliases

alias	CVE-2018-6594

alias	GHSA-6528-wvf6-f6qg

alias	PYSEC-2018-97

Fixed_packages

url	pkg:deb/debian/pycryptodome@3.4.11-1?distro=trixie
purl	pkg:deb/debian/pycryptodome@3.4.11-1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pycryptodome@3.4.11-1%3Fdistro=trixie

url pkg:deb/debian/pycryptodome@3.9.7%2Bdfsg1-1?distro=trixie

purl pkg:deb/debian/pycryptodome@3.9.7%2Bdfsg1-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-xyku-dd6j-u3ex

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pycryptodome@3.9.7%252Bdfsg1-1%3Fdistro=trixie

url pkg:deb/debian/pycryptodome@3.11.0%2Bdfsg1-4?distro=trixie

purl pkg:deb/debian/pycryptodome@3.11.0%2Bdfsg1-4?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-xyku-dd6j-u3ex

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/pycryptodome@3.11.0%252Bdfsg1-4%3Fdistro=trixie

url	pkg:deb/debian/pycryptodome@3.20.0%2Bdfsg-3?distro=trixie
purl	pkg:deb/debian/pycryptodome@3.20.0%2Bdfsg-3?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/pycryptodome@3.20.0%252Bdfsg-3%3Fdistro=trixie

Affected_packages

url pkg:ebuild/dev-python/pycrypto@2.6.1-r2

purl pkg:ebuild/dev-python/pycrypto@2.6.1-r2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg52-nkc5-4ff1

resource_url http://public2.vulnerablecode.io/packages/pkg:ebuild/dev-python/pycrypto@2.6.1-r2

url pkg:pypi/pycrypto@1.9a2

purl pkg:pypi/pycrypto@1.9a2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg52-nkc5-4ff1

vulnerability	VCID-mrec-hnpq-jqdn

vulnerability	VCID-qhem-k79n-akc6

vulnerability	VCID-s32r-berz-qqhf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@1.9a2

url pkg:pypi/pycrypto@1.9a5

purl pkg:pypi/pycrypto@1.9a5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg52-nkc5-4ff1

vulnerability	VCID-mrec-hnpq-jqdn

vulnerability	VCID-qhem-k79n-akc6

vulnerability	VCID-s32r-berz-qqhf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@1.9a5

url pkg:pypi/pycrypto@1.9a6

purl pkg:pypi/pycrypto@1.9a6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg52-nkc5-4ff1

vulnerability	VCID-mrec-hnpq-jqdn

vulnerability	VCID-qhem-k79n-akc6

vulnerability	VCID-s32r-berz-qqhf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@1.9a6

url pkg:pypi/pycrypto@2.0

purl pkg:pypi/pycrypto@2.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg52-nkc5-4ff1

vulnerability	VCID-mrec-hnpq-jqdn

vulnerability	VCID-qhem-k79n-akc6

vulnerability	VCID-s32r-berz-qqhf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@2.0

url pkg:pypi/pycrypto@2.0.1

purl pkg:pypi/pycrypto@2.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg52-nkc5-4ff1

vulnerability	VCID-mrec-hnpq-jqdn

vulnerability	VCID-qhem-k79n-akc6

vulnerability	VCID-s32r-berz-qqhf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@2.0.1

url pkg:pypi/pycrypto@2.1.0

purl pkg:pypi/pycrypto@2.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg52-nkc5-4ff1

vulnerability	VCID-mrec-hnpq-jqdn

vulnerability	VCID-qhem-k79n-akc6

vulnerability	VCID-s32r-berz-qqhf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@2.1.0

url pkg:pypi/pycrypto@2.2

purl pkg:pypi/pycrypto@2.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg52-nkc5-4ff1

vulnerability	VCID-mrec-hnpq-jqdn

vulnerability	VCID-qhem-k79n-akc6

vulnerability	VCID-s32r-berz-qqhf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@2.2

url pkg:pypi/pycrypto@2.3

purl pkg:pypi/pycrypto@2.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg52-nkc5-4ff1

vulnerability	VCID-mrec-hnpq-jqdn

vulnerability	VCID-qhem-k79n-akc6

vulnerability	VCID-s32r-berz-qqhf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@2.3

url pkg:pypi/pycrypto@2.4

purl pkg:pypi/pycrypto@2.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg52-nkc5-4ff1

vulnerability	VCID-mrec-hnpq-jqdn

vulnerability	VCID-qhem-k79n-akc6

vulnerability	VCID-s32r-berz-qqhf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@2.4

url pkg:pypi/pycrypto@2.4.1

purl pkg:pypi/pycrypto@2.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg52-nkc5-4ff1

vulnerability	VCID-mrec-hnpq-jqdn

vulnerability	VCID-qhem-k79n-akc6

vulnerability	VCID-s32r-berz-qqhf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@2.4.1

url pkg:pypi/pycrypto@2.5

purl pkg:pypi/pycrypto@2.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg52-nkc5-4ff1

vulnerability	VCID-mrec-hnpq-jqdn

vulnerability	VCID-qhem-k79n-akc6

vulnerability	VCID-s32r-berz-qqhf

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@2.5

url pkg:pypi/pycrypto@2.6

purl pkg:pypi/pycrypto@2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg52-nkc5-4ff1

vulnerability	VCID-mrec-hnpq-jqdn

vulnerability	VCID-qhem-k79n-akc6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@2.6

url pkg:pypi/pycrypto@2.6.1

purl pkg:pypi/pycrypto@2.6.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-gg52-nkc5-4ff1

vulnerability	VCID-qhem-k79n-akc6

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/pycrypto@2.6.1

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6594.json

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-6594.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-6594

reference_id

reference_type

scores

value	0.00798
scoring_system	epss
scoring_elements	0.74061
published_at	2026-04-21T12:55:00Z

value	0.00798
scoring_system	epss
scoring_elements	0.74069
published_at	2026-04-18T12:55:00Z

value	0.00798
scoring_system	epss
scoring_elements	0.73972
published_at	2026-04-01T12:55:00Z

value	0.00798
scoring_system	epss
scoring_elements	0.7406
published_at	2026-04-16T12:55:00Z

value	0.00798
scoring_system	epss
scoring_elements	0.74021
published_at	2026-04-13T12:55:00Z

value	0.00798
scoring_system	epss
scoring_elements	0.74028
published_at	2026-04-12T12:55:00Z

value	0.00798
scoring_system	epss
scoring_elements	0.74047
published_at	2026-04-11T12:55:00Z

value	0.00798
scoring_system	epss
scoring_elements	0.7401
published_at	2026-04-08T12:55:00Z

value	0.00798
scoring_system	epss
scoring_elements	0.73976
published_at	2026-04-07T12:55:00Z

value	0.00798
scoring_system	epss
scoring_elements	0.74024
published_at	2026-04-09T12:55:00Z

value	0.00798
scoring_system	epss
scoring_elements	0.73979
published_at	2026-04-02T12:55:00Z

value	0.00798
scoring_system	epss
scoring_elements	0.74006
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-6594

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-6594

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-6528-wvf6-f6qg

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-6528-wvf6-f6qg

reference_url

https://github.com/dlitz/pycrypto

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlitz/pycrypto

reference_url

https://github.com/dlitz/pycrypto/issues/253

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/dlitz/pycrypto/issues/253

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/pycrypto/PYSEC-2018-97.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/pycrypto/PYSEC-2018-97.yaml

reference_url

https://github.com/TElgamal/attack-on-pycrypto-elgamal

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/TElgamal/attack-on-pycrypto-elgamal

reference_url

https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html

reference_url

https://security.gentoo.org/glsa/202007-62

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://security.gentoo.org/glsa/202007-62

reference_url

https://usn.ubuntu.com/3616-1

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3616-1

reference_url	https://usn.ubuntu.com/3616-1/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3616-1/

reference_url

https://usn.ubuntu.com/3616-2

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://usn.ubuntu.com/3616-2

reference_url	https://usn.ubuntu.com/3616-2/
reference_id
reference_type
scores
url	https://usn.ubuntu.com/3616-2/

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1542313
reference_id	1542313
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1542313

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889998
reference_id	889998
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889998

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2018-6594

reference_id

CVE-2018-6594

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2018-6594

Weaknesses

cwe_id	326
name	Inadequate Encryption Strength
description	The product stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	325
name	Missing Cryptographic Step
description	The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

Exploits

Severity_range_score 5.3 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-gg52-nkc5-4ff1

Vulnerability Instance