VulnerableCode Package Details - pkg:deb/debian/pycryptodome@3.9.7%2Bdfsg1-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
VCID-xyku-dd6j-u3ex Aliases: CVE-2023-52323 GHSA-j225-cvw7-qrx7 PYSEC-2024-3	PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.	3.20.0+dfsg-1 Affected by 0 other vulnerabilities. 3.20.0+dfsg-3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-xyku-dd6j-u3ex
Aliases:
CVE-2023-52323
GHSA-j225-cvw7-qrx7
PYSEC-2024-3

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.

3.20.0+dfsg-1
Affected by 0 other vulnerabilities.

3.20.0+dfsg-3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-6gxf-2bj4-1qew	PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes.	CVE-2018-15560 GHSA-hgg3-g7gr-66r7 PYSEC-2018-21
VCID-gg52-nkc5-4ff1	lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.	CVE-2018-6594 GHSA-6528-wvf6-f6qg PYSEC-2018-97

Vulnerability

Summary

Aliases

VCID-6gxf-2bj4-1qew

PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes.

CVE-2018-15560
GHSA-hgg3-g7gr-66r7
PYSEC-2018-21

VCID-gg52-nkc5-4ff1

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

CVE-2018-6594
GHSA-6528-wvf6-f6qg
PYSEC-2018-97

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T12:42:18.339938+00:00	Debian Importer	Fixing	VCID-6gxf-2bj4-1qew	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T12:33:12.888981+00:00	Debian Importer	Fixing	VCID-gg52-nkc5-4ff1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:42:34.677391+00:00	Debian Importer	Fixing	VCID-6gxf-2bj4-1qew	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T08:35:50.782893+00:00	Debian Importer	Fixing	VCID-gg52-nkc5-4ff1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:30.052499+00:00	Debian Importer	Affected by	VCID-xyku-dd6j-u3ex	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:30.025979+00:00	Debian Importer	Fixing	VCID-gg52-nkc5-4ff1	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:29.984931+00:00	Debian Importer	Fixing	VCID-6gxf-2bj4-1qew	https://security-tracker.debian.org/tracker/data/json	38.1.0