Arbitrary Remote Code Execution Via Buffer Overflow

🗓️ 27 Dec 2016 03:19:45Reported by Veracode Vulnerability DatabaseType

pycrypto vulnerable to buffer overflow for arbitrary remote code executio

Reporter	Title	Published	Views	Family All 75
IBM Security Bulletins	Security Bulletin: Vulnerabilities exists in IBM Netezza Analytics - NPS Product	15 Jul 202515:44	–	ibm
IBM Security Bulletins	Security Bulletin: Critical Vulnerabilities in libraries used by libraries that IBM Spectrum discover is using (libraries of libraries)	28 Mar 202216:33	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Security includes components with multiple known vulnerabilities	7 Jun 202316:53	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in pycrypto-2.6.1.tar.gz affects IBM Integrated Analytics System [CVE-2013-7459, CVE-2018-6594]	17 Oct 202311:23	–	ibm
IBM Security Bulletins	Security Bulletin: A vulnerability in PyCrypto affects PowerKVM	18 Jun 201801:35	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in software used in node.js affect Cloud Pak System	31 Mar 202314:17	–	ibm
IBM Security Bulletins	Security Bulletin: Mutiple Vulnerabilties in Open Source packages affecting IBM Watson Machine Learning Accelerator on Cloud Pak for Data	12 Dec 202317:35	–	ibm
Tenable Nessus	Amazon Linux 2 : python-crypto (ALASANSIBLE2-2024-011)	24 Jun 202400:00	–	nessus
Tenable Nessus	Amazon Linux AMI : python-crypto (ALAS-2017-801)	7 Mar 201700:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP3 : python-crypto (EulerOS-SA-2018-1168)	28 Jun 201800:00	–	nessus

Vulners

Node

pycryptoRange≤2.6.1

Source	Link
github	www.github.com/dlitz/pycrypto/issues/176
pony7	www.pony7.fr/ctf:public:32c3:cryptmsg
seclists	www.seclists.org/oss-sec/2016/q4/760

15 May 2019 06:18Current

9.9High risk

Vulners AI Score9.9

CVSS 27.5

CVSS 39.8

EPSS0.13624