MidnightBSD

Advisories for dlitz

CVE-2012-2417 MEDIUM

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310

Products Affected

Vendor Product Version
dlitz pycrypto 1.0.0
dlitz pycrypto 1.0.1
dlitz pycrypto 1.0.2
dlitz pycrypto 1.1
dlitz pycrypto 1.9
dlitz pycrypto 2.0
dlitz pycrypto 2.0.1
dlitz pycrypto 2.1.0
dlitz pycrypto 2.2
dlitz pycrypto 2.3
dlitz pycrypto 2.4
dlitz pycrypto 2.4.1
dlitz pycrypto *

CVE-2013-1445 MEDIUM

The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-310

Products Affected

Vendor Product Version
dlitz pycrypto 1.0.0
dlitz pycrypto 1.0.1
dlitz pycrypto 1.0.2
dlitz pycrypto 2.0
dlitz pycrypto 2.0.1
dlitz pycrypto 2.1.0
dlitz pycrypto 2.2
dlitz pycrypto 2.3
dlitz pycrypto 2.4
dlitz pycrypto 2.4.1
dlitz pycrypto 2.5
dlitz pycrypto *
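
The race the CVE-2013-1445 entry describes is easiest to see with a PRNG whose state is copied into a child process and then either reseeded only when a rate-limit window has elapsed or reseeded unconditionally. The following is an added illustration, not PyCrypto's code: ToyDrbg, fork_and_read and outputs_are_distinct are constructed names, the fork is modelled by deep-copying the generator (which is what fork() does to process memory), and ToyDrbg is a small HMAC counter generator used only to make the state visible, not a vetted DRBG.

```python
import copy
import hashlib
import hmac
import os
import time


class ToyDrbg:
    """HMAC-SHA256 counter generator: illustration only, not a vetted DRBG."""

    def __init__(self, rate_limit_s=1.0):
        self.key = os.urandom(32)
        self.counter = 0
        self.rate_limit_s = rate_limit_s       # minimum spacing between reseeds
        self.last_reseed = time.monotonic()

    def _reseed(self):
        # Mix fresh OS entropy into the key; this is what makes a child diverge.
        self.key = hmac.new(self.key, os.urandom(32), hashlib.sha256).digest()
        self.last_reseed = time.monotonic()

    def atfork_rate_limited(self):
        # The flawed pattern the advisory describes (modelled here, not PyCrypto's
        # code): a child created inside the window keeps the parent's exact state.
        if time.monotonic() - self.last_reseed >= self.rate_limit_s:
            self._reseed()

    def atfork_always(self):
        # A fork is a hard boundary: reseed regardless of the rate-limit window.
        self._reseed()

    def read(self, nbytes):
        out = b""
        while len(out) < nbytes:
            block = self.counter.to_bytes(8, "big")
            out += hmac.new(self.key, block, hashlib.sha256).digest()
            self.counter += 1
        return out[:nbytes]


def fork_and_read(atfork_name, n_children=2, nbytes=16):
    """Model fork(): each child gets a deep copy of the parent's PRNG state, runs
    the named atfork hook, then parent and children each draw nbytes.
    Returns [parent_output, child_1_output, ..., child_n_output]."""
    parent = ToyDrbg()
    children = []
    for _ in range(n_children):
        child = copy.deepcopy(parent)      # fork() duplicates the whole state
        getattr(child, atfork_name)()      # child-side hook
        children.append(child)
    return [parent.read(nbytes)] + [c.read(nbytes) for c in children]


def outputs_are_distinct(outputs):
    """True only if no two processes produced the same bytes."""
    return len(set(outputs)) == len(outputs)


if __name__ == "__main__":
    for hook in ("atfork_rate_limited", "atfork_always"):
        streams = fork_and_read(hook)
        print(f"{hook}: all streams distinct = {outputs_are_distinct(streams)}")
```

With the rate-limited hook the parent and both children, all created inside the window, emit the same 16 bytes; with the unconditional hook every stream differs. With PyCrypto itself the rule is the same: the child must call Crypto.Random.atfork() right after os.fork() and before reading from Crypto.Random, and on Python 3.7 or later os.register_at_fork(after_in_child=Crypto.Random.atfork) installs that hook once for every fork the process performs.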

CVE-2013-7459 HIGH

Heap-based buffer overflow in the ALGnew function in block_template.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code, as demonstrated by a crafted iv parameter to cryptmsg.py.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
fedoraproject fedora 24
fedoraproject fedora 25
dlitz pycrypto *

CVE-2018-6594 MEDIUM

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326

Products Affected

Vendor Product Version
canonical ubuntu_linux 12.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 17.10
debian debian_linux 7.0
dlitz pycrypto *
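
Both ElGamal entries above (CVE-2012-2417 on how the primes are chosen, CVE-2018-6594 on parameters under which ciphertexts can be told apart) come down to the group ElGamal is run in, so one block covers both. It is an added illustration, not PyCrypto's code: it generates a safe prime p = 2q + 1 with both q and p checked for primality, then contrasts a generator of the whole group Z_p^* with a generator of its order-q subgroup of quadratic residues combined with a message encoding into that subgroup. The attack shown is the textbook Legendre-symbol distinguisher for the full-group choice: c1 = g^k reveals the parity of k, and from that and the public key the Legendre symbol of the plaintext falls out of c2 = m * y^k, which is a concrete failure of DDH in that group. All names (is_probable_prime, find_safe_prime, keygen, encode, decode, leak_residuosity, demo) are constructed for this example and the key sizes are toy values.

```python
# Added illustration, not PyCrypto's code. full_group=True mirrors the weak choice
# (g of order p-1, hence a non-residue); full_group=False uses the order-q subgroup.
import random
_MR_RNG = random.Random(1)  # fixed seed keeps the example reproducible


def is_probable_prime(n, rounds=32):
    """Miller-Rabin primality test."""
    if n < 2:
        return False
    for sp in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % sp == 0:
            return n == sp
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(_MR_RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(bits, rng):
    """Return (p, q) with p = 2q + 1 and both prime (so p is 3 mod 4)."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        p = 2 * q + 1
        if is_probable_prime(q) and is_probable_prime(p):
            return p, q


def legendre(a, p):
    """+1 if a is a non-zero quadratic residue mod p, -1 if it is a non-residue."""
    return 1 if pow(a, (p - 1) // 2, p) == 1 else -1


def keygen(p, q, rng, full_group):
    """Return (public key (p, q, g, y), private x). full_group picks g of order p-1."""
    while True:
        h = rng.randrange(2, p - 1)
        if full_group:
            if pow(h, 2, p) != 1 and pow(h, q, p) != 1:  # order is exactly 2q = p-1
                g = h
                break
        else:
            g = pow(h, 2, p)  # every square lies in the order-q subgroup
            if g != 1:
                break
    x = rng.randrange(1, q)
    return (p, q, g, pow(g, x, p)), x


def encrypt(pub, m, rng):
    p, q, g, y = pub
    k = rng.randrange(1, p - 1)
    return pow(g, k, p), (m * pow(y, k, p)) % p


def decrypt(pub, x, ct):
    p, q, g, y = pub
    c1, c2 = ct
    return (c2 * pow(pow(c1, x, p), p - 2, p)) % p


def encode(m, p):
    """Map 1 <= m <= q onto a residue: m itself, or p - m (-1 is a non-residue)."""
    return m if legendre(m, p) == 1 else p - m


def decode(c, p):
    return c if c <= (p - 1) // 2 else p - c


def leak_residuosity(pub, ct):
    """Attacker: from public data only, recover the Legendre symbol of the encrypted element."""
    p, q, g, y = pub
    c1, c2 = ct
    if legendre(g, p) == -1:
        k_parity = 0 if legendre(c1, p) == 1 else 1  # leg(c1) = leg(g)^k = (-1)^k
        leg_yk = legendre(y, p) ** k_parity           # leg(y^k) = leg(y)^k
    else:
        leg_yk = 1  # y = g^x is a residue, so y^k always is
    return legendre(c2, p) * leg_yk


def demo(seed=2024, bits=40):
    """What the attacker learns for one residue and one non-residue message."""
    rng = random.Random(seed)
    p, q = find_safe_prime(bits, rng)
    msgs = (next(m for m in range(2, q) if legendre(m, p) == 1),
            next(m for m in range(2, q) if legendre(m, p) == -1))
    weak_pub, weak_x = keygen(p, q, rng, full_group=True)
    safe_pub, safe_x = keygen(p, q, rng, full_group=False)
    weak = tuple(leak_residuosity(weak_pub, encrypt(weak_pub, m, rng)) for m in msgs)
    safe = tuple(leak_residuosity(safe_pub, encrypt(safe_pub, encode(m, p), rng)) for m in msgs)
    ok = all(decrypt(weak_pub, weak_x, encrypt(weak_pub, m, rng)) == m and
             decode(decrypt(safe_pub, safe_x, encrypt(safe_pub, encode(m, p), rng)), p) == m
             for m in msgs)
    return {"weak_leak": weak, "hardened_leak": safe, "roundtrip_ok": ok}

if __name__ == "__main__":
    print(demo())  # weak_leak (1, -1) separates the messages; hardened_leak (1, 1) does not
```

demo() returns weak_leak == (1, -1) for the residue and non-residue message, so the attacker tells the two plaintexts apart from the ciphertext and public key alone, and hardened_leak == (1, 1), so the same computation learns nothing; roundtrip_ok confirms that both variants still decrypt correctly. Working in the order-q subgroup and encoding messages into it is the standard fix for this class of weakness; it is shown here as such, not as a description of how any particular PyCrypto or PyCryptodome release implements ElGamal.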