pycrypto@2.6.1 vulnerabilities

Cryptographic modules for Python.

Direct Vulnerabilities

Known vulnerabilities in the pycrypto package. This does not include vulnerabilities belonging to this package’s dependencies.

High severity: Information Exposure

pycrypto is a collection of both secure hash functions (such as SHA256 and RIPEMD160), and various encryption algorithms (AES, DES, RSA, ElGamal, etc.).

Affected versions of this package are vulnerable to Insecure Encryption, which can lead to Information Exposure.

It generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

How to fix Information Exposure?

There is no fixed version for pycrypto.

Vulnerable versions: [0,)
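An added parameter-validation check (example code, not pycrypto's own) that shows what "weak ElGamal key parameters" means in practice: it flags a modulus that is not a safe prime and a generator that does not lie in the order-q quadratic-residue subgroup. The safe-prime/quadratic-residue rule and the function names are assumptions for this example; a defender would run such a check on a key before trusting it.

```python
# Added example (not pycrypto's own code): validate ElGamal (p, g).
# Assumption: safe parameters are p = 2q + 1 with q prime and a
# generator g of order q (a quadratic residue mod p).  A generator of
# the full group Z_p^* leaks the Legendre symbol of each plaintext,
# which is exactly how the DDH assumption fails to hold.
import random


def is_probable_prime(n: int, rounds: int = 32) -> bool:
    """Miller-Rabin probable-prime test; never rejects a true prime."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29):
        if n % small == 0:
            return n == small
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    rng = random.Random(0)  # fixed seed keeps the check reproducible
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def elgamal_params_weak(p: int, g: int) -> list:
    """Return the reasons (p, g) is weak; an empty list means it passes."""
    problems = []
    if not is_probable_prime(p):
        return ["p is not prime"]
    q = (p - 1) // 2
    if not is_probable_prime(q):
        problems.append("p is not a safe prime: (p-1)/2 is composite")
    if not 2 <= g <= p - 2:
        problems.append("g is outside [2, p-2]")
        return problems
    if pow(g, q, p) != 1:
        problems.append("g is not a quadratic residue, so its order is not q")
    return problems
```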
Critical severity: Arbitrary Code Execution

pycrypto is a collection of cryptographic modules for Python.

Affected versions of this package are vulnerable to Arbitrary Code Execution. A heap-based buffer overflow in the ALGnew function in block_template.c in the Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code, as demonstrated by a crafted iv parameter passed to cryptmsg.py.

How to fix Arbitrary Code Execution?

The fix is merged into the master branch but has not yet been published in a release.

Vulnerable versions: [,2.7a1]