pycryptodome@3.0rc1 vulnerabilities

Cryptographic library for Python

  • latest version

    3.21.0

  • latest non vulnerable version

  • first published

    10 years ago

  • latest version published

    2 months ago

  • licenses detected

  • Direct Vulnerabilities

    Known vulnerabilities in the pycryptodome package. This does not include vulnerabilities belonging to this package’s dependencies.

    How to fix?

    Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

    Fix for free
    VulnerabilityVulnerable Version
    • M
    Use of a Broken or Risky Cryptographic Algorithm

    Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack.

    How to fix Use of a Broken or Risky Cryptographic Algorithm?

    Upgrade pycryptodome to version 3.19.1 or higher.

    [,3.19.1)
    • M
    Observable Timing Discrepancy

    Affected versions of this package are vulnerable to Observable Timing Discrepancy due to improper handling of OAEP decryption. An attacker can extract sensitive information by exploiting the side-channel leakage to perform a Manger attack (Marvin).

    How to fix Observable Timing Discrepancy?

    Upgrade pycryptodome to version 3.19.1 or higher.

    [,3.19.1)
    • M
    Insecure Encryption

    Affected versions of this package are vulnerable to Insecure Encryption via the implementation of deprecated and unsafe PGP "quick check" feature by allowing an attacker to determine 16 bits of any plaintext block.

    How to fix Insecure Encryption?

    Upgrade pycryptodome to version 3.4.4 or higher.

    [,3.4.4)
    • H
    Denial of Service (DoS)

    pycryptodome is a self-contained Python package of low-level cryptographic primitives.

    Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to integer overflow. When data_len is less than 16, it will overflow, causing in pointer variable access to illegal memory.

    How to fix Denial of Service (DoS)?

    Upgrade pycryptodome to version 3.6.6 or higher.

    [,3.6.6)
    • M
    Deprecated Cypher

    pycryptodome is Cryptographic library for Python.

    Affected versions of the package are vulnerable to Deprecated Cypher. It contained the quick check feature of PGP block cipher mode, which was deprecated.

    How to fix Deprecated Cypher?

    Upgrade pycryptodome to version 3.4.4 or higher.

    [,3.4.4)