PyCrypto — CVE history (PyPI)
PyCrypto
3 CVEs affect the PyCrypto PyPI package (highest CVSS 9.8). Latest disclosed: 2017-02-15. Full CVE history sourced from NVD.
Summary
- Package: PyCrypto (PyPI)
- Total CVEs: 3
- Actively exploited (CISA KEV): 0
- Highest CVSS: 9.8
- Latest disclosed: 2017-02-15
Recent CVEs (top 3)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2013-7459 | Critical | 9.8 | — | 2017-02-15 | Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. |
| CVE-2013-1445 | — | — | — | 2013-10-26 | The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sen… |
| CVE-2012-2417 | — | — | — | 2012-06-17 | PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain… |
All-time worst (top 1 by CVSS)
| CVE | Severity | CVSS | KEV | Published | Summary |
|---|---|---|---|---|---|
| CVE-2013-7459 | Critical | 9.8 | — | 2017-02-15 | Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py. |