Published: 26/10/2013 Updated: 28/10/2013

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

The Crypto.Random.atfork function in PyCrypto prior to 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent malicious users to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.

Vulnerable Product	Search on Vulmon	Subscribe to Product
dlitz pycrypto
dlitz pycrypto 2.1.0
dlitz pycrypto 2.0.1
dlitz pycrypto 2.0
dlitz pycrypto 2.3
dlitz pycrypto 2.4.1
dlitz pycrypto 1.0.1
dlitz pycrypto 2.2
dlitz pycrypto 2.4
dlitz pycrypto 2.5
dlitz pycrypto 1.0.2
dlitz pycrypto 1.0.0

The CryptoRandomatfork function in PyCrypto before 261 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG wit ...

Blockchain E-Voting System

Blockchain E-Voting System [1][2] Demo Overview Blockchain voting system was designed as a di

CWE-310 https://github.com/dlitz/pycrypto/commit/19dcf7b15d61b7dc1a125a367151de40df6ef175 http://www.debian.org/security/2013/dsa-2781 http://www.openwall.com/lists/oss-security/2013/10/17/3 https://nvd.nist.gov https://github.com/jdacode/Blockchain-Electronic-Voting-System https://alas.aws.amazon.com/ALAS-2013-243.html https://access.redhat.com/security/cve/cve-2013-1445

CVE-2013-1445

Vulnerability Summary

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect