The Crypto.Random.atfork function in PyCrypto prior to 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent malicious users to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dlitz pycrypto |
||
dlitz pycrypto 2.1.0 |
||
dlitz pycrypto 2.0.1 |
||
dlitz pycrypto 2.0 |
||
dlitz pycrypto 2.3 |
||
dlitz pycrypto 2.4.1 |
||
dlitz pycrypto 1.0.1 |
||
dlitz pycrypto 2.2 |
||
dlitz pycrypto 2.4 |
||
dlitz pycrypto 2.5 |
||
dlitz pycrypto 1.0.2 |
||
dlitz pycrypto 1.0.0 |