pycrypto@2.6 vulnerabilities
Cryptographic modules for Python.
- latest version: 2.6.1
- first published: 13 years ago
- latest version published: 10 years ago
- licenses detected: [0,)
Direct Vulnerabilities
Known vulnerabilities in the pycrypto package. This does not include vulnerabilities belonging to this package’s dependencies.
Vulnerability | Vulnerable Version |
---|---|
pycrypto is a collection of both secure hash functions (such as SHA256 and RIPEMD160) and various encryption algorithms (AES, DES, RSA, ElGamal, etc.). Affected versions of this package are vulnerable to Insecure Encryption, which can lead to Information Exposure. It generates weak How to fix Information Exposure? There is no fixed version for | [0,) |
Affected versions of this package are vulnerable to Arbitrary Code Execution. Heap-based buffer overflow in the ALGnew function in How to fix Arbitrary Code Execution? The fix is merged to the master branch but not yet published | [,2.7a1] |
Affected versions of this package are vulnerable to Information Exposure. The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process. How to fix Information Exposure? Upgrade to version | [,2.6.1) |