Vulnerabilities > Dlitz > Pycrypto > 2.6
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2018-02-03 | CVE-2018-6594 | Inadequate Encryption Strength vulnerability in multiple products lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). | 5.0 |
2017-02-15 | CVE-2013-7459 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. | 9.8 |
2013-10-26 | CVE-2013-1445 | Cryptographic Issues vulnerability in Dlitz Pycrypto The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process. | 4.3 |