PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| dlitz | pycrypto | 1.9 |
| dlitz | pycrypto | 2.2 |
| dlitz | pycrypto | 2.0 |
| dlitz | pycrypto | 2.4.1 |
| dlitz | pycrypto | 1.0.1 |
| dlitz | pycrypto | 1.0.2 |
| dlitz | pycrypto | 1.1 |
| dlitz | pycrypto | 2.4 |
| dlitz | pycrypto | 2.3 |
| dlitz | pycrypto | 1.0.0 |
| dlitz | pycrypto | 2.0.1 |
| dlitz | pycrypto | * |
| dlitz | pycrypto | 2.1.0 |
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-310,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| dlitz | pycrypto | 2.2 |
| dlitz | pycrypto | 2.0 |
| dlitz | pycrypto | 2.4.1 |
| dlitz | pycrypto | 1.0.1 |
| dlitz | pycrypto | 1.0.2 |
| dlitz | pycrypto | 2.5 |
| dlitz | pycrypto | 2.4 |
| dlitz | pycrypto | 2.3 |
| dlitz | pycrypto | 1.0.0 |
| dlitz | pycrypto | 2.0.1 |
| dlitz | pycrypto | * |
| dlitz | pycrypto | 2.1.0 |
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-119,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| fedoraproject | fedora | 24 |
| fedoraproject | fedora | 25 |
| dlitz | pycrypto | * |
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.
CVSS 2.0
Severity: MEDIUM
Problem Type: CWE-326,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| canonical | ubuntu_linux | 16.04 |
| canonical | ubuntu_linux | 14.04 |
| debian | debian_linux | 7.0 |
| canonical | ubuntu_linux | 12.04 |
| canonical | ubuntu_linux | 17.10 |
| dlitz | pycrypto | * |