pycryptodome@3.4.7 vulnerabilities

Cryptographic library for Python

Known vulnerabilities in the pycryptodome package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Vulnerability	Vulnerable Version
M Use of a Broken or Risky Cryptographic Algorithm Affected versions of this package are vulnerable to Use of a Broken or Risky Cryptographic Algorithm in the OAEP decryption process, which previously had a side-channel leakage issue. This vulnerability could potentially be exploited through a Manger attack, a type of cryptographic attack. How to fix Use of a Broken or Risky Cryptographic Algorithm? Upgrade `pycryptodome` to version 3.19.1 or higher.	[,3.19.1)
M Observable Timing Discrepancy Affected versions of this package are vulnerable to Observable Timing Discrepancy due to improper handling of OAEP decryption. An attacker can extract sensitive information by exploiting the side-channel leakage to perform a Manger attack (Marvin). How to fix Observable Timing Discrepancy? Upgrade `pycryptodome` to version 3.19.1 or higher.	[,3.19.1)
H Denial of Service (DoS) pycryptodome is a self-contained Python package of low-level cryptographic primitives. Affected versions of this package are vulnerable to Denial of Service (DoS) attacks due to integer overflow. When `data_len` is less than 16, it will overflow, causing `in` pointer variable access to illegal memory. How to fix Denial of Service (DoS)? Upgrade `pycryptodome` to version 3.6.6 or higher.	[,3.6.6)