4.3

CVE-2012-2417

Exploit
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
DlitzPycrypto Version <= 2.5
DlitzPycrypto Version1.0.0
DlitzPycrypto Version1.0.1
DlitzPycrypto Version1.0.2
DlitzPycrypto Version1.1 Updatealpha2
DlitzPycrypto Version1.9 Updatealpha1
DlitzPycrypto Version1.9 Updatealpha2
DlitzPycrypto Version1.9 Updatealpha3
DlitzPycrypto Version1.9 Updatealpha4
DlitzPycrypto Version1.9 Updatealpha5
DlitzPycrypto Version1.9 Updatealpha6
DlitzPycrypto Version2.0
DlitzPycrypto Version2.0.1
DlitzPycrypto Version2.1.0
DlitzPycrypto Version2.1.0 Updatealpha1
DlitzPycrypto Version2.1.0 Updatealpha2
DlitzPycrypto Version2.1.0 Updatebeta1
DlitzPycrypto Version2.2
DlitzPycrypto Version2.3
DlitzPycrypto Version2.4
DlitzPycrypto Version2.4.1
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.73% 0.841
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:P/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html
http://secunia.com/advisories/49263
Vendor Advisory
http://www.debian.org/security/2012/dsa-2502
http://www.mandriva.com/security/advisories?name=MDVSA-2012:117
http://www.openwall.com/lists/oss-security/2012/05/25/1
http://www.osvdb.org/82279
http://www.securityfocus.com/bid/53687
https://bugs.launchpad.net/pycrypto/+bug/985164
https://exchange.xforce.ibmcloud.com/vulnerabilities/75871
https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2
Patch
Exploit
https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog
https://hermes.opensuse.org/messages/15083589