pycrypto
PyPI
4 known CVEs affecting this package
Aggregated from OSV, GitHub Security Advisories, NVD, and vendor advisories. Each CVE links to its full detail page with vendor advisories, patches, fixed versions, and remediation guidance.
CVEs affecting pycrypto
- CVE-2012-2417 · NONE · CVSS 0.0 · EG 0.0 · ✓ Fixed in 2.6 · 2012-06-17
vulnerable: 1.9a2 ... 2.5 (11 versions)
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain…
- CVE-2013-1445 · NONE · CVSS 0.0 · EG 0.0 · ✓ Fixed in 2.6.1 · 2013-10-26
vulnerable: 1.9a2 ... 2.6 (12 versions)
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sen…
- CVE-2013-7459 · CRITICAL · CVSS 9.8 · EG 9.8 · ✓ Fixed in 8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 · 2017-02-15
vulnerable: 1.9a2 ... 2.6.1 (13 versions)
Heap-based buffer overflow in the ALGnew function in block_template.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
- CVE-2018-6594 · HIGH · CVSS 7.5 · EG 7.5 · 2018-02-03
vulnerable: 1.9a2 ... 2.6.1 (13 versions)
lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphe…