Search for packages
| purl | pkg:pypi/pycrypto@2.6 |
| Next non-vulnerable version | None. |
| Latest non-vulnerable version | None. |
| Risk | 4.5 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-gg52-nkc5-4ff1
Aliases: CVE-2018-6594 GHSA-6528-wvf6-f6qg PYSEC-2018-97 |
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation. | There are no reported fixed by versions. |
|
VCID-mrec-hnpq-jqdn
Aliases: CVE-2013-1445 GHSA-x377-f64p-hf5j PYSEC-2013-29 |
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process. |
Affected by 2 other vulnerabilities. |
|
VCID-qhem-k79n-akc6
Aliases: CVE-2013-7459 GHSA-cq27-v7xp-c356 PYSEC-2017-94 |
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. | There are no reported fixed by versions. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-s32r-berz-qqhf | PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key. |
CVE-2012-2417
GHSA-v367-p58w-98h5 PYSEC-2012-16 |