Search CVE reports
11 – 15 of 15 results
Some fixes available 3 of 4
Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.
1 affected package
python-crypto
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-crypto | — | — | — | — |
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to...
1 affected package
python-crypto
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-crypto | — | — | Not affected | Not affected |
Some fixes available 4 of 5
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks...
1 affected package
python-crypto
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-crypto | — | — | — | — |
Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length.
1 affected package
python-crypto
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| python-crypto | — | — | — | — |
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might...
10 affected packages
openssl, mbedtls, openssl098, bouncycastle, gnutls26...
| Package | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|
| openssl | — | — | — | Not affected |
| mbedtls | — | — | — | Not affected |
| openssl098 | — | — | — | Not in release |
| bouncycastle | — | — | — | Not affected |
| gnutls26 | — | — | — | Not in release |
| gnutls28 | — | — | — | Not affected |
| libgcrypt11 | — | — | — | Not in release |
| nss | — | — | — | Not affected |
| polarssl | — | — | — | Not in release |
| python-crypto | — | — | — | Not affected |