CVE-2012-2417

Severity Score

4.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.

Pycrypto anterior a v2.6 no genera adecuadamente los números primos cuando se utiliza un esquema basado en ElGamal para generar una clave, lo que reduce el espacio de la firma o el espacio de claves pública y hace más fácil para los atacantes para llevar a cabo ataques de fuerza bruta para obtener la clave privada.

*Credits: N/A

CVSS Scores

NISTv2 4.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

None

Integrity

Partial

Availability

None

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-04-24 CVE Reserved
2012-06-17 CVE Published
2024-07-06 EPSS Updated
2024-08-06 CVE Updated
2024-08-06 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-310: Cryptographic Issues

CAPEC

References (14)

URL	Tag	Source
http://www.openwall.com/lists/oss-security/2012/05/25/1	Mailing List
http://www.osvdb.org/82279	Vdb Entry
http://www.securityfocus.com/bid/53687	Vdb Entry
https://bugs.launchpad.net/pycrypto/+bug/985164	X_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/75871	Vdb Entry
https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog	X_refsource_confirm

URL	Date	SRC
https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2	2024-08-06

URL	Date	SRC

URL	Date	SRC
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html	2017-08-29
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html	2017-08-29
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html	2017-08-29
http://secunia.com/advisories/49263	2017-08-29
http://www.debian.org/security/2012/dsa-2502	2017-08-29
http://www.mandriva.com/security/advisories?name=MDVSA-2012:117	2017-08-29
https://hermes.opensuse.org/messages/15083589	2017-08-29

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				<= 2.5 Search vendor "Dlitz" for product "Pycrypto" and version " <= 2.5"		-		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				1.0.0 Search vendor "Dlitz" for product "Pycrypto" and version "1.0.0"		-		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				1.0.1 Search vendor "Dlitz" for product "Pycrypto" and version "1.0.1"		-		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				1.0.2 Search vendor "Dlitz" for product "Pycrypto" and version "1.0.2"		-		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				1.1 Search vendor "Dlitz" for product "Pycrypto" and version "1.1"		alpha2		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				1.9 Search vendor "Dlitz" for product "Pycrypto" and version "1.9"		alpha1		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				1.9 Search vendor "Dlitz" for product "Pycrypto" and version "1.9"		alpha2		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				1.9 Search vendor "Dlitz" for product "Pycrypto" and version "1.9"		alpha3		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				1.9 Search vendor "Dlitz" for product "Pycrypto" and version "1.9"		alpha4		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				1.9 Search vendor "Dlitz" for product "Pycrypto" and version "1.9"		alpha5		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				1.9 Search vendor "Dlitz" for product "Pycrypto" and version "1.9"		alpha6		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				2.0 Search vendor "Dlitz" for product "Pycrypto" and version "2.0"		-		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				2.0.1 Search vendor "Dlitz" for product "Pycrypto" and version "2.0.1"		-		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				2.1.0 Search vendor "Dlitz" for product "Pycrypto" and version "2.1.0"		-		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				2.1.0 Search vendor "Dlitz" for product "Pycrypto" and version "2.1.0"		alpha1		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				2.1.0 Search vendor "Dlitz" for product "Pycrypto" and version "2.1.0"		alpha2		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				2.1.0 Search vendor "Dlitz" for product "Pycrypto" and version "2.1.0"		beta1		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				2.2 Search vendor "Dlitz" for product "Pycrypto" and version "2.2"		-		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				2.3 Search vendor "Dlitz" for product "Pycrypto" and version "2.3"		-		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				2.4 Search vendor "Dlitz" for product "Pycrypto" and version "2.4"		-		Affected
Dlitz Search vendor "Dlitz"		Pycrypto Search vendor "Dlitz" for product "Pycrypto"				2.4.1 Search vendor "Dlitz" for product "Pycrypto" and version "2.4.1"		-		Affected