Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-200903-11
HistoryMar 09, 2009 - 12:00 a.m.

PyCrypto: Execution of arbitrary code

2009-03-0900:00:00
Gentoo Foundation
security.gentoo.org
11

0.321 Low

EPSS

Percentile

97.0%

JSON

Background

PyCrypto is the Python Cryptography Toolkit.

Description

Mike Wiacek of the Google Security Team reported a buffer overflow in the ARC2 module when processing a large ARC2 key length.

Impact

A remote attacker could entice a user or automated system to decrypt an ARC2 stream in an application using PyCrypto, possibly resulting in the execution of arbitrary code or a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All PyCrypto users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-python/pycrypto-2.0.1-r8"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-python/pycrypto<Β 2.0.1-r8UNKNOWN

Related

nessus 8
openvas 21
cve 1
securityvulns 2
ubuntu 1
prion 1
seebug 1
cvelist 1
ubuntucve 1
debian 1
debiancve 1
nessus
nessus
GLSA-200903-11 : PyCrypto: Execution of arbitrary code
2009-03-10 00:00:00
Debian DSA-1726-1 : python-crypto - buffer overflow
2009-02-26 00:00:00
openSUSE Security Update : python-crypto (python-crypto-589)
2009-07-21 00:00:00
openvas
openvas
Mandrake Security Advisory MDVSA-2009:050-1 (python-pycrypto)
2009-03-02 00:00:00
Debian: Security Advisory (DSA-1726-1)
2009-03-19 00:00:00
Mandrake Security Advisory MDVSA-2009:050 (python-pycrypto)
2009-03-02 00:00:00
cve
cve
CVE-2009-0544
2009-02-12 17:30:00
securityvulns
securityvulns
[ MDVSA-2009:050-1 ] python-pycrypto
2009-02-25 00:00:00
PyCrypto python module DoS
2009-02-25 00:00:00
ubuntu
ubuntu
Python Crypto vulnerability
2009-03-05 00:00:00
prion
prion
Buffer overflow
2009-02-12 17:30:00
seebug
seebug
PyCrypto ARC2ζ¨‘ε—ηΌ“ε†²εŒΊζΊ’ε‡ΊζΌζ΄ž
2009-02-19 00:00:00
cvelist
cvelist
CVE-2009-0544
2009-02-12 17:00:00
ubuntucve
ubuntucve
CVE-2009-0544
2009-02-12 00:00:00
debian
debian
[SECURITY] [DSA 1726-1] New python-crypto packages fix denial of service
2009-02-25 20:32:24
debiancve
debiancve
CVE-2009-0544
2009-02-12 17:30:00

0.321 Low

EPSS

Percentile

97.0%

JSON
Related for GLSA-200903-11
nessus8openvas21cve1securityvulns2ubuntu1prion1seebug1cvelist1ubuntucve1debian1debiancve1