Vulnerability-Lookup

CVE-2012-2417 (GCVE-0-2012-2417)

Vulnerability from cvelistv5 – Published: 2012-06-17 01:00 – Updated: 2024-08-06 19:34

Summary

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.debian.org/security/2012/dsa-2502	vendor-advisoryx_refsource_DEBIAN
	http://www.osvdb.org/82279	vdb-entryx_refsource_OSVDB
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	https://github.com/Legrandin/pycrypto/commit/9f91…	x_refsource_MISC
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.securityfocus.com/bid/53687	vdb-entryx_refsource_BID
	https://bugs.launchpad.net/pycrypto/+bug/985164	x_refsource_MISC
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/49263	third-party-advisoryx_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.openwall.com/lists/oss-security/2012/05/25/1	mailing-listx_refsource_MLIST
	https://hermes.opensuse.org/messages/15083589	vendor-advisoryx_refsource_SUSE
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://github.com/dlitz/pycrypto/blob/373ea760f2…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:34:25.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2502",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2502"
          },
          {
            "name": "82279",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/82279"
          },
          {
            "name": "FEDORA-2012-8470",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
          },
          {
            "name": "MDVSA-2012:117",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
          },
          {
            "name": "53687",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53687"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
          },
          {
            "name": "FEDORA-2012-8392",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
          },
          {
            "name": "49263",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49263"
          },
          {
            "name": "FEDORA-2012-8490",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
          },
          {
            "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
          },
          {
            "name": "openSUSE-SU-2012:0830",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/15083589"
          },
          {
            "name": "pycrypto-keys-weak-security(75871)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-2502",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2502"
        },
        {
          "name": "82279",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/82279"
        },
        {
          "name": "FEDORA-2012-8470",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
        },
        {
          "name": "MDVSA-2012:117",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
        },
        {
          "name": "53687",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53687"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
        },
        {
          "name": "FEDORA-2012-8392",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
        },
        {
          "name": "49263",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49263"
        },
        {
          "name": "FEDORA-2012-8490",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
        },
        {
          "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
        },
        {
          "name": "openSUSE-SU-2012:0830",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/15083589"
        },
        {
          "name": "pycrypto-keys-weak-security(75871)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-2417",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2502",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2502"
            },
            {
              "name": "82279",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/82279"
            },
            {
              "name": "FEDORA-2012-8470",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
            },
            {
              "name": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2",
              "refsource": "MISC",
              "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
            },
            {
              "name": "MDVSA-2012:117",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
            },
            {
              "name": "53687",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53687"
            },
            {
              "name": "https://bugs.launchpad.net/pycrypto/+bug/985164",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
            },
            {
              "name": "FEDORA-2012-8392",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
            },
            {
              "name": "49263",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49263"
            },
            {
              "name": "FEDORA-2012-8490",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
            },
            {
              "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
            },
            {
              "name": "openSUSE-SU-2012:0830",
              "refsource": "SUSE",
              "url": "https://hermes.opensuse.org/messages/15083589"
            },
            {
              "name": "pycrypto-keys-weak-security(75871)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
            },
            {
              "name": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog",
              "refsource": "CONFIRM",
              "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-2417",
    "datePublished": "2012-06-17T01:00:00.000Z",
    "dateReserved": "2012-04-24T00:00:00.000Z",
    "dateUpdated": "2024-08-06T19:34:25.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

FKIE_CVE-2012-2417

Vulnerability from fkie_nvd - Published: 2012-06-17 03:41 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html
cve@mitre.org	http://secunia.com/advisories/49263	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2012/dsa-2502
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2012:117
cve@mitre.org	http://www.openwall.com/lists/oss-security/2012/05/25/1
cve@mitre.org	http://www.osvdb.org/82279
cve@mitre.org	http://www.securityfocus.com/bid/53687
cve@mitre.org	https://bugs.launchpad.net/pycrypto/+bug/985164
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/75871
cve@mitre.org	https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2	Exploit, Patch
cve@mitre.org	https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog
cve@mitre.org	https://hermes.opensuse.org/messages/15083589
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49263	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2502
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2012:117
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/05/25/1
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/82279
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/53687
af854a3a-2127-422b-91ae-364da2661108	https://bugs.launchpad.net/pycrypto/+bug/985164
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/75871
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog
af854a3a-2127-422b-91ae-364da2661108	https://hermes.opensuse.org/messages/15083589

Impacted products

Vendor	Product	Version
dlitz	pycrypto	*
dlitz	pycrypto	1.0.0
dlitz	pycrypto	1.0.1
dlitz	pycrypto	1.0.2
dlitz	pycrypto	1.1
dlitz	pycrypto	1.9
dlitz	pycrypto	1.9
dlitz	pycrypto	1.9
dlitz	pycrypto	1.9
dlitz	pycrypto	1.9
dlitz	pycrypto	1.9
dlitz	pycrypto	2.0
dlitz	pycrypto	2.0.1
dlitz	pycrypto	2.1.0
dlitz	pycrypto	2.1.0
dlitz	pycrypto	2.1.0
dlitz	pycrypto	2.1.0
dlitz	pycrypto	2.2
dlitz	pycrypto	2.3
dlitz	pycrypto	2.4
dlitz	pycrypto	2.4.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F321706-6D4D-4735-A12D-12053A46AA4A",
              "versionEndIncluding": "2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C8BD3-24B8-4175-8D56-C870426EB797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A09EC4-6F0F-4C33-991E-80C739B823AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CCC2E0E-2253-49B8-9E42-391CD50D8D12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.1:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "CF21F7F0-84D8-44C9-99B5-CE98B58D3AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "8C16BEF3-223C-4B45-A18B-D7A02AEDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "17269B2D-6DC5-4461-9B5E-C2117B64BE8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "8D987E42-7693-432F-8763-7E61370DB855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "1F10AF89-1388-4C90-878F-80FFB2FB8433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "0AEF75BE-5255-4A0E-9CF3-1DBBDF08A265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "C238EDF9-FC34-4438-B081-DFE7388EC2D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24212CF8-4729-41AA-8293-1A81BC35928C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D317E0F-C1E0-4D7E-9001-FC1896280452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "891D98BD-DC0B-4A62-B2E9-7FB6598AE024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "52F16830-AD76-4154-88F5-087C32FD6237",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "C0437CCF-1216-419A-86F5-BD0383E69DF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "50B9564B-7382-481F-8CDE-B1F5224B4FCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8472A7E3-F0C1-43F0-9B65-81041F62912C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "422198F6-1891-4D61-941A-DEF803BFDE24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "94A14599-F0E0-4A41-91F0-4E2AABF6164D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF8CFA40-2AB0-4E13-BDE9-966095C034B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key."
    },
    {
      "lang": "es",
      "value": "Pycrypto anterior a v2.6 no genera adecuadamente los n\u00fameros primos cuando se utiliza un esquema basado en ElGamal para generar una clave, lo que reduce el espacio de la firma o el espacio de claves p\u00fablica y hace m\u00e1s f\u00e1cil para los atacantes para llevar a cabo ataques de fuerza bruta para obtener la clave privada."
    }
  ],
  "id": "CVE-2012-2417",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-17T03:41:40.763",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49263"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2012/dsa-2502"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/82279"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/53687"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://hermes.opensuse.org/messages/15083589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/82279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/15083589"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2012-2417

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-2417

Aliases

CVE-2012-2417

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-2417",
    "description": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.",
    "id": "GSD-2012-2417",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-2417.html",
      "https://www.debian.org/security/2012/dsa-2502",
      "https://alas.aws.amazon.com/cve/html/CVE-2012-2417.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-2417"
      ],
      "details": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.",
      "id": "GSD-2012-2417",
      "modified": "2023-12-13T01:20:16.639401Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2012-2417",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-2502",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2012/dsa-2502"
          },
          {
            "name": "82279",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/82279"
          },
          {
            "name": "FEDORA-2012-8470",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
          },
          {
            "name": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2",
            "refsource": "MISC",
            "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
          },
          {
            "name": "MDVSA-2012:117",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
          },
          {
            "name": "53687",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/53687"
          },
          {
            "name": "https://bugs.launchpad.net/pycrypto/+bug/985164",
            "refsource": "MISC",
            "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
          },
          {
            "name": "FEDORA-2012-8392",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
          },
          {
            "name": "49263",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/49263"
          },
          {
            "name": "FEDORA-2012-8490",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
          },
          {
            "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
          },
          {
            "name": "openSUSE-SU-2012:0830",
            "refsource": "SUSE",
            "url": "https://hermes.opensuse.org/messages/15083589"
          },
          {
            "name": "pycrypto-keys-weak-security(75871)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
          },
          {
            "name": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog",
            "refsource": "CONFIRM",
            "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.1:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.1.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-2417"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
            },
            {
              "name": "https://bugs.launchpad.net/pycrypto/+bug/985164",
              "refsource": "MISC",
              "tags": [],
              "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
            },
            {
              "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
            },
            {
              "name": "FEDORA-2012-8470",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
            },
            {
              "name": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
            },
            {
              "name": "49263",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/49263"
            },
            {
              "name": "FEDORA-2012-8490",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
            },
            {
              "name": "FEDORA-2012-8392",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
            },
            {
              "name": "82279",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/82279"
            },
            {
              "name": "53687",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/53687"
            },
            {
              "name": "openSUSE-SU-2012:0830",
              "refsource": "SUSE",
              "tags": [],
              "url": "https://hermes.opensuse.org/messages/15083589"
            },
            {
              "name": "DSA-2502",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2502"
            },
            {
              "name": "MDVSA-2012:117",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
            },
            {
              "name": "pycrypto-keys-weak-security(75871)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:31Z",
      "publishedDate": "2012-06-17T03:41Z"
    }
  }
}

PYSEC-2012-16

Vulnerability from pysec - Published: 2012-06-17 03:41 - Updated: 2021-08-27 03:22

Details

Impacted products

Name	purl
pycrypto	pkg:pypi/pycrypto

Aliases

CVE-2012-2417

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pycrypto",
        "purl": "pkg:pypi/pycrypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9f912f13df99ad3421eff360d6a62d7dbec755c2"
            }
          ],
          "repo": "https://github.com/Legrandin/pycrypto",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.9a2",
        "1.9a5",
        "1.9a6",
        "2.0",
        "2.0.1",
        "2.1.0",
        "2.2",
        "2.3",
        "2.4",
        "2.4.1",
        "2.5"
      ]
    }
  ],
  "aliases": [
    "CVE-2012-2417"
  ],
  "details": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.",
  "id": "PYSEC-2012-16",
  "modified": "2021-08-27T03:22:16.601238Z",
  "published": "2012-06-17T03:41:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/49263"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/82279"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/53687"
    },
    {
      "type": "WEB",
      "url": "https://hermes.opensuse.org/messages/15083589"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.debian.org/security/2012/dsa-2502"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
    }
  ]
}

GHSA-V367-P58W-98H5

Vulnerability from github – Published: 2022-05-17 01:46 – Updated: 2024-10-21 20:04

Summary

PyCrypto makes Use of Insufficiently Random Values

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "PyCrypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2012-2417"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-30T14:35:18Z",
    "nvd_published_at": "2012-06-17T03:41:00Z",
    "severity": "MODERATE"
  },
  "details": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.",
  "id": "GHSA-v367-p58w-98h5",
  "modified": "2024-10-21T20:04:17Z",
  "published": "2022-05-17T01:46:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2417"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Legrandin/pycrypto"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pycrypto/PYSEC-2012-16.yaml"
    },
    {
      "type": "WEB",
      "url": "https://hermes.opensuse.org/messages/15083589"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20140724111917/http://secunia.com/advisories/49263"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200228184120/http://www.securityfocus.com/bid/53687"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2502"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "PyCrypto makes Use of Insufficiently Random Values"
}

CERTA-2012-AVI-299

Vulnerability from certfr_avis - Published: 2012-05-30 - Updated: 2012-05-30

Une vulnérabilité a été corrigée dans PyCrypto. Une erreur dans la génération des clés ElGamal permet à un attaquant de reduire grandement l'espace de clés dans le cas d'une attaque par recherche exhaustive.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). La version 2.6 de PyCrypto corrige le problème. Les clés ElGamal générées avec une version antérieure devront être regénérées.

PyCrypto versions 2.5 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-2417 (GCVE-0-2012-2417)

FKIE_CVE-2012-2417

GSD-2012-2417

PYSEC-2012-16

GHSA-V367-P58W-98H5

CERTA-2012-AVI-299

Solution

Tags

Sightings

Nomenclature