VulnerableCode Package Details - pkg:deb/debian/pycryptodome@3.20.0%2Bdfsg-3?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6gxf-2bj4-1qew	PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes.	CVE-2018-15560 GHSA-hgg3-g7gr-66r7 PYSEC-2018-21
VCID-gg52-nkc5-4ff1	lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.	CVE-2018-6594 GHSA-6528-wvf6-f6qg PYSEC-2018-97
VCID-xyku-dd6j-u3ex	PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.	CVE-2023-52323 GHSA-j225-cvw7-qrx7 PYSEC-2024-3

Vulnerability

Summary

Aliases

VCID-6gxf-2bj4-1qew

PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes.

CVE-2018-15560
GHSA-hgg3-g7gr-66r7
PYSEC-2018-21

VCID-gg52-nkc5-4ff1

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

CVE-2018-6594
GHSA-6528-wvf6-f6qg
PYSEC-2018-97

VCID-xyku-dd6j-u3ex

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.

CVE-2023-52323
GHSA-j225-cvw7-qrx7
PYSEC-2024-3

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:42:18.350556+00:00	Debian Importer	Fixing	VCID-6gxf-2bj4-1qew	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:33:12.900931+00:00	Debian Importer	Fixing	VCID-gg52-nkc5-4ff1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:42:34.687807+00:00	Debian Importer	Fixing	VCID-6gxf-2bj4-1qew	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:35:50.794973+00:00	Debian Importer	Fixing	VCID-gg52-nkc5-4ff1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:30.060745+00:00	Debian Importer	Fixing	VCID-xyku-dd6j-u3ex	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:30.034176+00:00	Debian Importer	Fixing	VCID-gg52-nkc5-4ff1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:29.992482+00:00	Debian Importer	Fixing	VCID-6gxf-2bj4-1qew	https://security-tracker.debian.org/tracker/data/json	38.1.0