Python Crypto vulnerability

ID USN-729-1
Type ubuntu
Reporter Ubuntu
Modified 2009-03-05T00:00:00


Mike Wiacek discovered that the ARC2 implementation in Python Crypto did not correctly check the key length. If a user or automated system were tricked into processing a malicious ARC2 stream, a remote attacker could execute arbitrary code or crash the application using Python Crypto, leading to a denial of service.