4 matches found
CVE-2018-6594
CVE-2018-6594 affects PyCrypto 2.6.1 and earlier due to weak ElGamal key parameter generation in lib/Crypto/PublicKey/ElGamal.py. This flaw breaks semantic security: under a ciphertext-only attack, an adversary could obtain plaintext information from the ciphertext, as the Decisional Diffie-Hellman ...
CVE-2013-7459
CVE-2013-7459 is a heap-based buffer overflow in the ALGnew function of block_templace.c in Python Cryptography Toolkit (pycrypto). An attacker could trigger arbitrary code execution by supplying a crafted iv to cryptmsg.py. IBM and Amazon Linux advisories corroborate the vulnerability in pycrypt...
CVE-2012-2417
CVE-2012-2417: PyCrypto before 2.6 generates ElGamal keys using inappropriate prime numbers, reducing the signature/public key space and enabling brute-force attacks to derive the private key. Connected sources confirm the issue affects PyCrypto ElGamal key generation and that fixed versions exi...
CVE-2013-1445
CVE-2013-1445 affects PyCrypto’s Crypto.Random.atfork PRNG reseeding: a race condition allows a child process to access the PRNG within the same rate-limit period, potentially exposing sensitive information. Root cause is inadequate reseeding before forking in PyCrypto before 2.6.1. Affected: PyC...