pycrypto vulnerabilities and exploits

5
CVSSv2
CVE-2018-6594

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional...

7.5
CVSSv2
CVE-2013-7459

Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py....

10
CVSSv2
CVE-2015-3036

Stack-based buffer overflow in the run_init_sbus function in the KCodes NetUSB module for the Linux kernel, as used in certain NETGEAR products, TP-LINK products, and other products, allows remote attackers to execute arbitrary code by providing a long computer name in a session...

KcodesNetusb
4.3
CVSSv2
CVE-2013-1445

The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race...

NA
CVE-2013-09843

Core Security Technologies Advisory - A memory corruption vulnerability was found in Mac OSX Directory Service. By sending a maliciously crafted message, a remote attacker could cause the directory server to terminate or execute arbitrary code with system privileges. The issue...

9.3
CVSSv2
CVE-2013-0984

Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message....

AppleMac Os XMac Os X Server
4.3
CVSSv2
CVE-2012-3458

Beaker before 1.6.4, when using PyCrypto to encrypt sessions, uses AES in ECB cipher mode, which might allow remote attackers to obtain portions of sensitive session data via unspecified vectors....

4.3
CVSSv2
CVE-2012-2417

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key....

10
CVSSv2
CVE-2009-0544

Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length....

PycryptoArc2
10
CVSSv2
CVE-2008-4250

The Server service in Microsoft Windows 2000 SP4, XP SP2 and SP3, Server 2003 SP1 and SP2, Vista Gold and SP1, Server 2008, and 7 Pre-Beta allows remote attackers to execute arbitrary code via a crafted RPC request that triggers the overflow during path canonicalization, as...

MicrosoftWindows 2000Windows Server 2003Windows Server 2008Windows VistaWindows Xp