CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2018-6594 – Gentoo Linux Security Advisory 202007-62
https://notcve.org/view.php?id=CVE-2018-6594
03 Feb 2018 — lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation. lib/Crypto/PublicKey/ElGamal.py en PyCrypto hasta la versión 2.6.1 genera parámetros de clave ElGamal débiles, lo que permite que atacantes remotos obten... • https://github.com/TElgamal/attack-on-pycrypto-elgamal • CWE-326: Inadequate Encryption Strength •
CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2013-7459 – Gentoo Linux Security Advisory 201702-14
https://notcve.org/view.php?id=CVE-2013-7459
15 Feb 2017 — Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. Desbordamiento de búfer basado en memoria dinámica en la función ALGnew en block_templace.c en Python Cryptography Toolkit (también conocido como pycrypto) permite a atacantes remotos ejecutar código arbitrario como se demuestra por un parámetro iv manipulado para cryptmsg.py. A heap-bas... • http://www.openwall.com/lists/oss-security/2016/12/27/8 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 4.3EPSS: 0%CPEs: 12EXPL: 2CVE-2013-1445 – Mandriva Linux Security Advisory 2013-262
https://notcve.org/view.php?id=CVE-2013-1445
21 Oct 2013 — The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process. La función Crypto.Random.atfork en PyCrypto anterior a 2.6.1 no reestablece correctamente la semilla en el gene... • http://www.debian.org/security/2013/dsa-2781 • CWE-310: Cryptographic Issues •
CVSS: 4.3EPSS: 0%CPEs: 21EXPL: 1CVE-2012-2417
https://notcve.org/view.php?id=CVE-2012-2417
17 Jun 2012 — PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key. Pycrypto anterior a v2.6 no genera adecuadamente los números primos cuando se utiliza un esquema basado en ElGamal para generar una clave, lo que reduce el espacio de la firma o el espacio de claves pública y hace más fácil para los atacantes para llevar ... • http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html • CWE-310: Cryptographic Issues •