pycryptodome@3.2.1 vulnerabilities
Cryptographic library for Python
-
latest version
3.20.0
-
latest non vulnerable version
-
first published
10 years ago
-
latest version published
4 months ago
-
licenses detected
- [3.1,3.7.1)
Direct Vulnerabilities
Known vulnerabilities in the pycryptodome package. This does not include vulnerabilities belonging to this package’s dependencies.
Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.| Vulnerability | Vulnerable Version |
|---|---|
Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. How to fix Use of a Broken or Risky Cryptographic Algorithm? Upgrade |
[,3.19.1)
|
Affected versions of this package are vulnerable to Observable Timing Discrepancy due to improper handling of OAEP decryption. An attacker can extract sensitive information by exploiting the side-channel leakage to perform a Manger attack (Marvin). How to fix Observable Timing Discrepancy? Upgrade |
[,3.19.1)
|
Affected versions of this package are vulnerable to Insecure Encryption via the implementation of deprecated and unsafe PGP "quick check" feature by allowing an attacker to determine 16 bits of any plaintext block. How to fix Insecure Encryption? Upgrade |
[,3.4.4)
|
pycryptodome is a self-contained Python package of low-level cryptographic primitives. Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to integer overflow. When How to fix Denial of Service (DoS)? Upgrade |
[,3.6.6)
|
Affected versions of the package are vulnerable to Deprecated Cypher. It contained the How to fix Deprecated Cypher? Upgrade |
[,3.4.4)
|