Vulnerability	Vulnerable Version
M Use of a Broken or Risky Cryptographic Algorithm Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. How to fix Use of a Broken or Risky Cryptographic Algorithm? Upgrade `pycryptodome` to version 3.19.1 or higher.	[,3.19.1)
M Observable Timing Discrepancy Affected versions of this package are vulnerable to Observable Timing Discrepancy due to improper handling of OAEP decryption. An attacker can extract sensitive information by exploiting the side-channel leakage to perform a Manger attack (Marvin). How to fix Observable Timing Discrepancy? Upgrade `pycryptodome` to version 3.19.1 or higher.	[,3.19.1)
M Insecure Encryption Affected versions of this package are vulnerable to Insecure Encryption via the implementation of deprecated and unsafe PGP "quick check" feature by allowing an attacker to determine 16 bits of any plaintext block. How to fix Insecure Encryption? Upgrade `pycryptodome` to version 3.4.4 or higher.	[,3.4.4)
H Denial of Service (DoS) pycryptodome is a self-contained Python package of low-level cryptographic primitives. Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to integer overflow. When `data_len` is less than 16, it will overflow, causing `in` pointer variable access to illegal memory. How to fix Denial of Service (DoS)? Upgrade `pycryptodome` to version 3.6.6 or higher.	[,3.6.6)
M Deprecated Cypher `pycryptodome` is Cryptographic library for Python. Affected versions of the package are vulnerable to Deprecated Cypher. It contained the `quick check` feature of PGP block cipher mode, which was deprecated. How to fix Deprecated Cypher? Upgrade `pycryptodome` to version 3.4.4 or higher.	[,3.4.4)

Go back to all versions of this package