Vulnerability-Lookup

CVE-2012-2417 (GCVE-0-2012-2417)

Vulnerability from cvelistv5 – Published: 2012-06-17 01:00 – Updated: 2024-08-06 19:34

Summary

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.

Severity

No CVSS data available.

CWE

Assigner

mitre

References

14 references

URL	Tags
http://www.debian.org/security/2012/dsa-2502	vendor-advisoryx_refsource_DEBIAN
http://www.osvdb.org/82279	vdb-entryx_refsource_OSVDB
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
https://github.com/Legrandin/pycrypto/commit/9f91…	x_refsource_MISC
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://www.securityfocus.com/bid/53687	vdb-entryx_refsource_BID
https://bugs.launchpad.net/pycrypto/+bug/985164	x_refsource_MISC
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://secunia.com/advisories/49263	third-party-advisoryx_refsource_SECUNIA
http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2012/05/25/1	mailing-listx_refsource_MLIST
https://hermes.opensuse.org/messages/15083589	vendor-advisoryx_refsource_SUSE
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
https://github.com/dlitz/pycrypto/blob/373ea760f2…	x_refsource_CONFIRM

Date Public

2012-04-18 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:34:25.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2502",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2502"
          },
          {
            "name": "82279",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/82279"
          },
          {
            "name": "FEDORA-2012-8470",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
          },
          {
            "name": "MDVSA-2012:117",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
          },
          {
            "name": "53687",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53687"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
          },
          {
            "name": "FEDORA-2012-8392",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
          },
          {
            "name": "49263",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49263"
          },
          {
            "name": "FEDORA-2012-8490",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
          },
          {
            "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
          },
          {
            "name": "openSUSE-SU-2012:0830",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/15083589"
          },
          {
            "name": "pycrypto-keys-weak-security(75871)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-18T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-2502",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2502"
        },
        {
          "name": "82279",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/82279"
        },
        {
          "name": "FEDORA-2012-8470",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
        },
        {
          "name": "MDVSA-2012:117",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
        },
        {
          "name": "53687",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53687"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
        },
        {
          "name": "FEDORA-2012-8392",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
        },
        {
          "name": "49263",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49263"
        },
        {
          "name": "FEDORA-2012-8490",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
        },
        {
          "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
        },
        {
          "name": "openSUSE-SU-2012:0830",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/15083589"
        },
        {
          "name": "pycrypto-keys-weak-security(75871)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-2417",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2502",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2502"
            },
            {
              "name": "82279",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/82279"
            },
            {
              "name": "FEDORA-2012-8470",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
            },
            {
              "name": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2",
              "refsource": "MISC",
              "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
            },
            {
              "name": "MDVSA-2012:117",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
            },
            {
              "name": "53687",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53687"
            },
            {
              "name": "https://bugs.launchpad.net/pycrypto/+bug/985164",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
            },
            {
              "name": "FEDORA-2012-8392",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
            },
            {
              "name": "49263",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49263"
            },
            {
              "name": "FEDORA-2012-8490",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
            },
            {
              "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
            },
            {
              "name": "openSUSE-SU-2012:0830",
              "refsource": "SUSE",
              "url": "https://hermes.opensuse.org/messages/15083589"
            },
            {
              "name": "pycrypto-keys-weak-security(75871)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
            },
            {
              "name": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog",
              "refsource": "CONFIRM",
              "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-2417",
    "datePublished": "2012-06-17T01:00:00.000Z",
    "dateReserved": "2012-04-24T00:00:00.000Z",
    "dateUpdated": "2024-08-06T19:34:25.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2012-2417",
      "date": "2026-05-30",
      "epss": "0.04088",
      "percentile": "0.8876"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.5\", \"matchCriteriaId\": \"0F321706-6D4D-4735-A12D-12053A46AA4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF4C8BD3-24B8-4175-8D56-C870426EB797\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32A09EC4-6F0F-4C33-991E-80C739B823AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CCC2E0E-2253-49B8-9E42-391CD50D8D12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.1:alpha2:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF21F7F0-84D8-44C9-99B5-CE98B58D3AB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.9:alpha1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C16BEF3-223C-4B45-A18B-D7A02AEDC996\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.9:alpha2:*:*:*:*:*:*\", \"matchCriteriaId\": \"17269B2D-6DC5-4461-9B5E-C2117B64BE8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.9:alpha3:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D987E42-7693-432F-8763-7E61370DB855\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.9:alpha4:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F10AF89-1388-4C90-878F-80FFB2FB8433\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.9:alpha5:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AEF75BE-5255-4A0E-9CF3-1DBBDF08A265\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.9:alpha6:*:*:*:*:*:*\", \"matchCriteriaId\": \"C238EDF9-FC34-4438-B081-DFE7388EC2D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24212CF8-4729-41AA-8293-1A81BC35928C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D317E0F-C1E0-4D7E-9001-FC1896280452\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"891D98BD-DC0B-4A62-B2E9-7FB6598AE024\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha1:*:*:*:*:*:*\", \"matchCriteriaId\": \"52F16830-AD76-4154-88F5-087C32FD6237\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha2:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0437CCF-1216-419A-86F5-BD0383E69DF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.1.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"50B9564B-7382-481F-8CDE-B1F5224B4FCA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8472A7E3-F0C1-43F0-9B65-81041F62912C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"422198F6-1891-4D61-941A-DEF803BFDE24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94A14599-F0E0-4A41-91F0-4E2AABF6164D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF8CFA40-2AB0-4E13-BDE9-966095C034B5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.\"}, {\"lang\": \"es\", \"value\": \"Pycrypto anterior a v2.6 no genera adecuadamente los n\\u00fameros primos cuando se utiliza un esquema basado en ElGamal para generar una clave, lo que reduce el espacio de la firma o el espacio de claves p\\u00fablica y hace m\\u00e1s f\\u00e1cil para los atacantes para llevar a cabo ataques de fuerza bruta para obtener la clave privada.\"}]",
      "id": "CVE-2012-2417",
      "lastModified": "2024-11-21T01:39:04.053",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-06-17T03:41:40.763",
      "references": "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/49263\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2012/dsa-2502\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2012:117\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/05/25/1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/82279\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/53687\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugs.launchpad.net/pycrypto/+bug/985164\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/75871\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://hermes.opensuse.org/messages/15083589\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/49263\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2012/dsa-2502\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2012:117\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/05/25/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/82279\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/53687\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.launchpad.net/pycrypto/+bug/985164\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/75871\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://hermes.opensuse.org/messages/15083589\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-310\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-2417\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-06-17T03:41:40.763\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.\"},{\"lang\":\"es\",\"value\":\"Pycrypto anterior a v2.6 no genera adecuadamente los n\u00fameros primos cuando se utiliza un esquema basado en ElGamal para generar una clave, lo que reduce el espacio de la firma o el espacio de claves p\u00fablica y hace m\u00e1s f\u00e1cil para los atacantes para llevar a cabo ataques de fuerza bruta para obtener la clave privada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5\",\"matchCriteriaId\":\"0F321706-6D4D-4735-A12D-12053A46AA4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF4C8BD3-24B8-4175-8D56-C870426EB797\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32A09EC4-6F0F-4C33-991E-80C739B823AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CCC2E0E-2253-49B8-9E42-391CD50D8D12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.1:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF21F7F0-84D8-44C9-99B5-CE98B58D3AB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.9:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C16BEF3-223C-4B45-A18B-D7A02AEDC996\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.9:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"17269B2D-6DC5-4461-9B5E-C2117B64BE8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.9:alpha3:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D987E42-7693-432F-8763-7E61370DB855\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.9:alpha4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F10AF89-1388-4C90-878F-80FFB2FB8433\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.9:alpha5:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AEF75BE-5255-4A0E-9CF3-1DBBDF08A265\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.9:alpha6:*:*:*:*:*:*\",\"matchCriteriaId\":\"C238EDF9-FC34-4438-B081-DFE7388EC2D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24212CF8-4729-41AA-8293-1A81BC35928C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D317E0F-C1E0-4D7E-9001-FC1896280452\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"891D98BD-DC0B-4A62-B2E9-7FB6598AE024\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"52F16830-AD76-4154-88F5-087C32FD6237\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0437CCF-1216-419A-86F5-BD0383E69DF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.1.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"50B9564B-7382-481F-8CDE-B1F5224B4FCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8472A7E3-F0C1-43F0-9B65-81041F62912C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"422198F6-1891-4D61-941A-DEF803BFDE24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94A14599-F0E0-4A41-91F0-4E2AABF6164D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF8CFA40-2AB0-4E13-BDE9-966095C034B5\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/49263\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2012/dsa-2502\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:117\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/05/25/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/82279\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/53687\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.launchpad.net/pycrypto/+bug/985164\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/75871\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://hermes.opensuse.org/messages/15083589\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/49263\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2012/dsa-2502\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:117\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/05/25/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/82279\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/53687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.launchpad.net/pycrypto/+bug/985164\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/75871\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://hermes.opensuse.org/messages/15083589\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

CERTA-2012-AVI-299

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans PyCrypto. Une erreur dans la génération des clés ElGamal permet à un attaquant de reduire grandement l'espace de clés dans le cas d'une attaque par recherche exhaustive.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). La version 2.6 de PyCrypto corrige le problème. Les clés ElGamal générées avec une version antérieure devront être regénérées.

PyCrypto versions 2.5 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

CERTA-2012-AVI-299

Vulnerability from certfr_avis - Published: - Updated:

Solution

PyCrypto versions 2.5 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

FKIE_CVE-2012-2417

Vulnerability from fkie_nvd - Published: 2012-06-17 03:41 - Updated: 2026-04-29 01:13

Severity

Summary

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html
cve@mitre.org	http://secunia.com/advisories/49263	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2012/dsa-2502
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2012:117
cve@mitre.org	http://www.openwall.com/lists/oss-security/2012/05/25/1
cve@mitre.org	http://www.osvdb.org/82279
cve@mitre.org	http://www.securityfocus.com/bid/53687
cve@mitre.org	https://bugs.launchpad.net/pycrypto/+bug/985164
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/75871
cve@mitre.org	https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2	Exploit, Patch
cve@mitre.org	https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog
cve@mitre.org	https://hermes.opensuse.org/messages/15083589
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49263	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2502
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2012:117
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/05/25/1
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/82279
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/53687
af854a3a-2127-422b-91ae-364da2661108	https://bugs.launchpad.net/pycrypto/+bug/985164
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/75871
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog
af854a3a-2127-422b-91ae-364da2661108	https://hermes.opensuse.org/messages/15083589

Impacted products

Vendor	Product	Version
dlitz	pycrypto	*
dlitz	pycrypto	1.0.0
dlitz	pycrypto	1.0.1
dlitz	pycrypto	1.0.2
dlitz	pycrypto	1.1
dlitz	pycrypto	1.9
dlitz	pycrypto	1.9
dlitz	pycrypto	1.9
dlitz	pycrypto	1.9
dlitz	pycrypto	1.9
dlitz	pycrypto	1.9
dlitz	pycrypto	2.0
dlitz	pycrypto	2.0.1
dlitz	pycrypto	2.1.0
dlitz	pycrypto	2.1.0
dlitz	pycrypto	2.1.0
dlitz	pycrypto	2.1.0
dlitz	pycrypto	2.2
dlitz	pycrypto	2.3
dlitz	pycrypto	2.4
dlitz	pycrypto	2.4.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F321706-6D4D-4735-A12D-12053A46AA4A",
              "versionEndIncluding": "2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C8BD3-24B8-4175-8D56-C870426EB797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A09EC4-6F0F-4C33-991E-80C739B823AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CCC2E0E-2253-49B8-9E42-391CD50D8D12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.1:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "CF21F7F0-84D8-44C9-99B5-CE98B58D3AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "8C16BEF3-223C-4B45-A18B-D7A02AEDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "17269B2D-6DC5-4461-9B5E-C2117B64BE8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "8D987E42-7693-432F-8763-7E61370DB855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "1F10AF89-1388-4C90-878F-80FFB2FB8433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "0AEF75BE-5255-4A0E-9CF3-1DBBDF08A265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "C238EDF9-FC34-4438-B081-DFE7388EC2D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24212CF8-4729-41AA-8293-1A81BC35928C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D317E0F-C1E0-4D7E-9001-FC1896280452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "891D98BD-DC0B-4A62-B2E9-7FB6598AE024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "52F16830-AD76-4154-88F5-087C32FD6237",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "C0437CCF-1216-419A-86F5-BD0383E69DF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "50B9564B-7382-481F-8CDE-B1F5224B4FCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8472A7E3-F0C1-43F0-9B65-81041F62912C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "422198F6-1891-4D61-941A-DEF803BFDE24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "94A14599-F0E0-4A41-91F0-4E2AABF6164D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF8CFA40-2AB0-4E13-BDE9-966095C034B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key."
    },
    {
      "lang": "es",
      "value": "Pycrypto anterior a v2.6 no genera adecuadamente los n\u00fameros primos cuando se utiliza un esquema basado en ElGamal para generar una clave, lo que reduce el espacio de la firma o el espacio de claves p\u00fablica y hace m\u00e1s f\u00e1cil para los atacantes para llevar a cabo ataques de fuerza bruta para obtener la clave privada."
    }
  ],
  "id": "CVE-2012-2417",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-17T03:41:40.763",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49263"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2012/dsa-2502"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/82279"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/53687"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://hermes.opensuse.org/messages/15083589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/82279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/15083589"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-V367-P58W-98H5

Vulnerability from github – Published: 2022-05-17 01:46 – Updated: 2024-10-21 20:04

Summary

PyCrypto makes Use of Insufficiently Random Values

Details

Severity

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "PyCrypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2012-2417"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-30T14:35:18Z",
    "nvd_published_at": "2012-06-17T03:41:00Z",
    "severity": "MODERATE"
  },
  "details": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.",
  "id": "GHSA-v367-p58w-98h5",
  "modified": "2024-10-21T20:04:17Z",
  "published": "2022-05-17T01:46:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2417"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Legrandin/pycrypto"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pycrypto/PYSEC-2012-16.yaml"
    },
    {
      "type": "WEB",
      "url": "https://hermes.opensuse.org/messages/15083589"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20140724111917/http://secunia.com/advisories/49263"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200228184120/http://www.securityfocus.com/bid/53687"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2502"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "PyCrypto makes Use of Insufficiently Random Values"
}

GSD-2012-2417

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-2417

Aliases

CVE-2012-2417

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-2417",
    "description": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.",
    "id": "GSD-2012-2417",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-2417.html",
      "https://www.debian.org/security/2012/dsa-2502",
      "https://alas.aws.amazon.com/cve/html/CVE-2012-2417.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-2417"
      ],
      "details": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.",
      "id": "GSD-2012-2417",
      "modified": "2023-12-13T01:20:16.639401Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2012-2417",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-2502",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2012/dsa-2502"
          },
          {
            "name": "82279",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/82279"
          },
          {
            "name": "FEDORA-2012-8470",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
          },
          {
            "name": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2",
            "refsource": "MISC",
            "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
          },
          {
            "name": "MDVSA-2012:117",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
          },
          {
            "name": "53687",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/53687"
          },
          {
            "name": "https://bugs.launchpad.net/pycrypto/+bug/985164",
            "refsource": "MISC",
            "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
          },
          {
            "name": "FEDORA-2012-8392",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
          },
          {
            "name": "49263",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/49263"
          },
          {
            "name": "FEDORA-2012-8490",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
          },
          {
            "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
          },
          {
            "name": "openSUSE-SU-2012:0830",
            "refsource": "SUSE",
            "url": "https://hermes.opensuse.org/messages/15083589"
          },
          {
            "name": "pycrypto-keys-weak-security(75871)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
          },
          {
            "name": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog",
            "refsource": "CONFIRM",
            "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.1:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.1.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-2417"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
            },
            {
              "name": "https://bugs.launchpad.net/pycrypto/+bug/985164",
              "refsource": "MISC",
              "tags": [],
              "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
            },
            {
              "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
            },
            {
              "name": "FEDORA-2012-8470",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
            },
            {
              "name": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
            },
            {
              "name": "49263",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/49263"
            },
            {
              "name": "FEDORA-2012-8490",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
            },
            {
              "name": "FEDORA-2012-8392",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
            },
            {
              "name": "82279",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/82279"
            },
            {
              "name": "53687",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/53687"
            },
            {
              "name": "openSUSE-SU-2012:0830",
              "refsource": "SUSE",
              "tags": [],
              "url": "https://hermes.opensuse.org/messages/15083589"
            },
            {
              "name": "DSA-2502",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2502"
            },
            {
              "name": "MDVSA-2012:117",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
            },
            {
              "name": "pycrypto-keys-weak-security(75871)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:31Z",
      "publishedDate": "2012-06-17T03:41Z"
    }
  }
}

OPENSUSE-SU-2024:10346-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

python-pycrypto-2.6.1-4.8 on GA media

Severity

Moderate

Notes

Title of the patch: python-pycrypto-2.6.1-4.8 on GA media

Description of the patch: These are all security issues fixed in the python-pycrypto-2.6.1-4.8 package on the GA media of openSUSE Tumbleweed.

Patchnames: openSUSE-Tumbleweed-2024-10346

CVE-2012-2417

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.x86_64	—	Vendor Fix

Threats

Impact moderate

CVE-2013-1445

Affected products

Recommended 8 products

Product	Version	Remediation
Unresolved product id: openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.x86_64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.aarch64	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.ppc64le	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.s390x	—	Vendor Fix
Unresolved product id: openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.x86_64	—	Vendor Fix

Threats

Impact moderate

References

8 references

URL	Category
https://www.suse.com/support/security/rating/	external
https://ftp.suse.com/pub/projects/security/csaf/o…	self
https://www.suse.com/security/cve/CVE-2012-2417/	self
https://www.suse.com/security/cve/CVE-2013-1445/	self
https://www.suse.com/security/cve/CVE-2012-2417	external
https://bugzilla.suse.com/764127	external
https://www.suse.com/security/cve/CVE-2013-1445	external
https://bugzilla.suse.com/846214	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "python-pycrypto-2.6.1-4.8 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the python-pycrypto-2.6.1-4.8 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10346",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10346-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2012-2417 page",
        "url": "https://www.suse.com/security/cve/CVE-2012-2417/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-1445 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-1445/"
      }
    ],
    "title": "python-pycrypto-2.6.1-4.8 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10346-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-pycrypto-2.6.1-4.8.aarch64",
                "product": {
                  "name": "python-pycrypto-2.6.1-4.8.aarch64",
                  "product_id": "python-pycrypto-2.6.1-4.8.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-pycrypto-2.6.1-3.4.aarch64",
                "product": {
                  "name": "python3-pycrypto-2.6.1-3.4.aarch64",
                  "product_id": "python3-pycrypto-2.6.1-3.4.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-pycrypto-2.6.1-4.8.ppc64le",
                "product": {
                  "name": "python-pycrypto-2.6.1-4.8.ppc64le",
                  "product_id": "python-pycrypto-2.6.1-4.8.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python3-pycrypto-2.6.1-3.4.ppc64le",
                "product": {
                  "name": "python3-pycrypto-2.6.1-3.4.ppc64le",
                  "product_id": "python3-pycrypto-2.6.1-3.4.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-pycrypto-2.6.1-4.8.s390x",
                "product": {
                  "name": "python-pycrypto-2.6.1-4.8.s390x",
                  "product_id": "python-pycrypto-2.6.1-4.8.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python3-pycrypto-2.6.1-3.4.s390x",
                "product": {
                  "name": "python3-pycrypto-2.6.1-3.4.s390x",
                  "product_id": "python3-pycrypto-2.6.1-3.4.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-pycrypto-2.6.1-4.8.x86_64",
                "product": {
                  "name": "python-pycrypto-2.6.1-4.8.x86_64",
                  "product_id": "python-pycrypto-2.6.1-4.8.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-pycrypto-2.6.1-3.4.x86_64",
                "product": {
                  "name": "python3-pycrypto-2.6.1-3.4.x86_64",
                  "product_id": "python3-pycrypto-2.6.1-3.4.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-pycrypto-2.6.1-4.8.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.aarch64"
        },
        "product_reference": "python-pycrypto-2.6.1-4.8.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-pycrypto-2.6.1-4.8.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.ppc64le"
        },
        "product_reference": "python-pycrypto-2.6.1-4.8.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-pycrypto-2.6.1-4.8.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.s390x"
        },
        "product_reference": "python-pycrypto-2.6.1-4.8.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-pycrypto-2.6.1-4.8.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.x86_64"
        },
        "product_reference": "python-pycrypto-2.6.1-4.8.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-pycrypto-2.6.1-3.4.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.aarch64"
        },
        "product_reference": "python3-pycrypto-2.6.1-3.4.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-pycrypto-2.6.1-3.4.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.ppc64le"
        },
        "product_reference": "python3-pycrypto-2.6.1-3.4.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-pycrypto-2.6.1-3.4.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.s390x"
        },
        "product_reference": "python3-pycrypto-2.6.1-3.4.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-pycrypto-2.6.1-3.4.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.x86_64"
        },
        "product_reference": "python3-pycrypto-2.6.1-3.4.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2012-2417",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2012-2417"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.aarch64",
          "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.ppc64le",
          "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.s390x",
          "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.x86_64",
          "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.aarch64",
          "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.ppc64le",
          "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.s390x",
          "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2012-2417",
          "url": "https://www.suse.com/security/cve/CVE-2012-2417"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 764127 for CVE-2012-2417",
          "url": "https://bugzilla.suse.com/764127"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.aarch64",
            "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.ppc64le",
            "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.s390x",
            "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.x86_64",
            "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.aarch64",
            "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.ppc64le",
            "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.s390x",
            "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2012-2417"
    },
    {
      "cve": "CVE-2013-1445",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-1445"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.aarch64",
          "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.ppc64le",
          "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.s390x",
          "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.x86_64",
          "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.aarch64",
          "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.ppc64le",
          "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.s390x",
          "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-1445",
          "url": "https://www.suse.com/security/cve/CVE-2013-1445"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 846214 for CVE-2013-1445",
          "url": "https://bugzilla.suse.com/846214"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.aarch64",
            "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.ppc64le",
            "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.s390x",
            "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.x86_64",
            "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.aarch64",
            "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.ppc64le",
            "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.s390x",
            "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2013-1445"
    }
  ]
}

PYSEC-2012-16

Vulnerability from pysec - Published: 2012-06-17 03:41 - Updated: 2021-08-27 03:22

Details

Impacted products

Name	purl
pycrypto	pkg:pypi/pycrypto

Aliases

CVE-2012-2417

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pycrypto",
        "purl": "pkg:pypi/pycrypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9f912f13df99ad3421eff360d6a62d7dbec755c2"
            }
          ],
          "repo": "https://github.com/Legrandin/pycrypto",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.9a2",
        "1.9a5",
        "1.9a6",
        "2.0",
        "2.0.1",
        "2.1.0",
        "2.2",
        "2.3",
        "2.4",
        "2.4.1",
        "2.5"
      ]
    }
  ],
  "aliases": [
    "CVE-2012-2417"
  ],
  "details": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.",
  "id": "PYSEC-2012-16",
  "modified": "2021-08-27T03:22:16.601238Z",
  "published": "2012-06-17T03:41:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/49263"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/82279"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/53687"
    },
    {
      "type": "WEB",
      "url": "https://hermes.opensuse.org/messages/15083589"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.debian.org/security/2012/dsa-2502"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-2417 (GCVE-0-2012-2417)

CERTA-2012-AVI-299

Solution

CERTA-2012-AVI-299

Solution

FKIE_CVE-2012-2417

GHSA-V367-P58W-98H5

GSD-2012-2417

OPENSUSE-SU-2024:10346-1

PYSEC-2012-16

Tags

Sightings

Nomenclature