cvelistv5 - cve-2012-2417

CVE-2012-2417 (GCVE-0-2012-2417)

Vulnerability from cvelistv5 – Published: 2012-06-17 01:00 – Updated: 2024-08-06 19:34

Summary

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.debian.org/security/2012/dsa-2502	vendor-advisoryx_refsource_DEBIAN
	http://www.osvdb.org/82279	vdb-entryx_refsource_OSVDB
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	https://github.com/Legrandin/pycrypto/commit/9f91…	x_refsource_MISC
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.securityfocus.com/bid/53687	vdb-entryx_refsource_BID
	https://bugs.launchpad.net/pycrypto/+bug/985164	x_refsource_MISC
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/49263	third-party-advisoryx_refsource_SECUNIA
	http://lists.fedoraproject.org/pipermail/package-…	vendor-advisoryx_refsource_FEDORA
	http://www.openwall.com/lists/oss-security/2012/05/25/1	mailing-listx_refsource_MLIST
	https://hermes.opensuse.org/messages/15083589	vendor-advisoryx_refsource_SUSE
	https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
	https://github.com/dlitz/pycrypto/blob/373ea760f2…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T19:34:25.430Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-2502",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2012/dsa-2502"
          },
          {
            "name": "82279",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://www.osvdb.org/82279"
          },
          {
            "name": "FEDORA-2012-8470",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
          },
          {
            "name": "MDVSA-2012:117",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
          },
          {
            "name": "53687",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/53687"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
          },
          {
            "name": "FEDORA-2012-8392",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
          },
          {
            "name": "49263",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/49263"
          },
          {
            "name": "FEDORA-2012-8490",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
          },
          {
            "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
          },
          {
            "name": "openSUSE-SU-2012:0830",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "https://hermes.opensuse.org/messages/15083589"
          },
          {
            "name": "pycrypto-keys-weak-security(75871)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2012-04-18T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-28T12:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-2502",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2012/dsa-2502"
        },
        {
          "name": "82279",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://www.osvdb.org/82279"
        },
        {
          "name": "FEDORA-2012-8470",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
        },
        {
          "name": "MDVSA-2012:117",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
        },
        {
          "name": "53687",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/53687"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
        },
        {
          "name": "FEDORA-2012-8392",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
        },
        {
          "name": "49263",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/49263"
        },
        {
          "name": "FEDORA-2012-8490",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
        },
        {
          "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
        },
        {
          "name": "openSUSE-SU-2012:0830",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "https://hermes.opensuse.org/messages/15083589"
        },
        {
          "name": "pycrypto-keys-weak-security(75871)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-2417",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-2502",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2012/dsa-2502"
            },
            {
              "name": "82279",
              "refsource": "OSVDB",
              "url": "http://www.osvdb.org/82279"
            },
            {
              "name": "FEDORA-2012-8470",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
            },
            {
              "name": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2",
              "refsource": "MISC",
              "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
            },
            {
              "name": "MDVSA-2012:117",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
            },
            {
              "name": "53687",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/53687"
            },
            {
              "name": "https://bugs.launchpad.net/pycrypto/+bug/985164",
              "refsource": "MISC",
              "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
            },
            {
              "name": "FEDORA-2012-8392",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
            },
            {
              "name": "49263",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/49263"
            },
            {
              "name": "FEDORA-2012-8490",
              "refsource": "FEDORA",
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
            },
            {
              "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
            },
            {
              "name": "openSUSE-SU-2012:0830",
              "refsource": "SUSE",
              "url": "https://hermes.opensuse.org/messages/15083589"
            },
            {
              "name": "pycrypto-keys-weak-security(75871)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
            },
            {
              "name": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog",
              "refsource": "CONFIRM",
              "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2012-2417",
    "datePublished": "2012-06-17T01:00:00",
    "dateReserved": "2012-04-24T00:00:00",
    "dateUpdated": "2024-08-06T19:34:25.430Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*\", \"versionEndIncluding\": \"2.5\", \"matchCriteriaId\": \"0F321706-6D4D-4735-A12D-12053A46AA4A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.0.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DF4C8BD3-24B8-4175-8D56-C870426EB797\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"32A09EC4-6F0F-4C33-991E-80C739B823AA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.0.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"2CCC2E0E-2253-49B8-9E42-391CD50D8D12\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.1:alpha2:*:*:*:*:*:*\", \"matchCriteriaId\": \"CF21F7F0-84D8-44C9-99B5-CE98B58D3AB0\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.9:alpha1:*:*:*:*:*:*\", \"matchCriteriaId\": \"8C16BEF3-223C-4B45-A18B-D7A02AEDC996\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.9:alpha2:*:*:*:*:*:*\", \"matchCriteriaId\": \"17269B2D-6DC5-4461-9B5E-C2117B64BE8E\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.9:alpha3:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D987E42-7693-432F-8763-7E61370DB855\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.9:alpha4:*:*:*:*:*:*\", \"matchCriteriaId\": \"1F10AF89-1388-4C90-878F-80FFB2FB8433\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.9:alpha5:*:*:*:*:*:*\", \"matchCriteriaId\": \"0AEF75BE-5255-4A0E-9CF3-1DBBDF08A265\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:1.9:alpha6:*:*:*:*:*:*\", \"matchCriteriaId\": \"C238EDF9-FC34-4438-B081-DFE7388EC2D9\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"24212CF8-4729-41AA-8293-1A81BC35928C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.0.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8D317E0F-C1E0-4D7E-9001-FC1896280452\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.1.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"891D98BD-DC0B-4A62-B2E9-7FB6598AE024\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha1:*:*:*:*:*:*\", \"matchCriteriaId\": \"52F16830-AD76-4154-88F5-087C32FD6237\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha2:*:*:*:*:*:*\", \"matchCriteriaId\": \"C0437CCF-1216-419A-86F5-BD0383E69DF8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.1.0:beta1:*:*:*:*:*:*\", \"matchCriteriaId\": \"50B9564B-7382-481F-8CDE-B1F5224B4FCA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.2:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"8472A7E3-F0C1-43F0-9B65-81041F62912C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"422198F6-1891-4D61-941A-DEF803BFDE24\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"94A14599-F0E0-4A41-91F0-4E2AABF6164D\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:dlitz:pycrypto:2.4.1:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"EF8CFA40-2AB0-4E13-BDE9-966095C034B5\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.\"}, {\"lang\": \"es\", \"value\": \"Pycrypto anterior a v2.6 no genera adecuadamente los n\\u00fameros primos cuando se utiliza un esquema basado en ElGamal para generar una clave, lo que reduce el espacio de la firma o el espacio de claves p\\u00fablica y hace m\\u00e1s f\\u00e1cil para los atacantes para llevar a cabo ataques de fuerza bruta para obtener la clave privada.\"}]",
      "id": "CVE-2012-2417",
      "lastModified": "2024-11-21T01:39:04.053",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:N/I:P/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2012-06-17T03:41:40.763",
      "references": "[{\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://secunia.com/advisories/49263\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2012/dsa-2502\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2012:117\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/05/25/1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.osvdb.org/82279\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://www.securityfocus.com/bid/53687\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://bugs.launchpad.net/pycrypto/+bug/985164\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/75871\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://hermes.opensuse.org/messages/15083589\", \"source\": \"cve@mitre.org\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://secunia.com/advisories/49263\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.debian.org/security/2012/dsa-2502\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.mandriva.com/security/advisories?name=MDVSA-2012:117\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.openwall.com/lists/oss-security/2012/05/25/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.osvdb.org/82279\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"http://www.securityfocus.com/bid/53687\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://bugs.launchpad.net/pycrypto/+bug/985164\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://exchange.xforce.ibmcloud.com/vulnerabilities/75871\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://hermes.opensuse.org/messages/15083589\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-310\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2012-2417\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2012-06-17T03:41:40.763\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.\"},{\"lang\":\"es\",\"value\":\"Pycrypto anterior a v2.6 no genera adecuadamente los n\u00fameros primos cuando se utiliza un esquema basado en ElGamal para generar una clave, lo que reduce el espacio de la firma o el espacio de claves p\u00fablica y hace m\u00e1s f\u00e1cil para los atacantes para llevar a cabo ataques de fuerza bruta para obtener la clave privada.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:N/I:P/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-310\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*\",\"versionEndIncluding\":\"2.5\",\"matchCriteriaId\":\"0F321706-6D4D-4735-A12D-12053A46AA4A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.0.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DF4C8BD3-24B8-4175-8D56-C870426EB797\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"32A09EC4-6F0F-4C33-991E-80C739B823AA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.0.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"2CCC2E0E-2253-49B8-9E42-391CD50D8D12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.1:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"CF21F7F0-84D8-44C9-99B5-CE98B58D3AB0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.9:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"8C16BEF3-223C-4B45-A18B-D7A02AEDC996\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.9:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"17269B2D-6DC5-4461-9B5E-C2117B64BE8E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.9:alpha3:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D987E42-7693-432F-8763-7E61370DB855\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.9:alpha4:*:*:*:*:*:*\",\"matchCriteriaId\":\"1F10AF89-1388-4C90-878F-80FFB2FB8433\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.9:alpha5:*:*:*:*:*:*\",\"matchCriteriaId\":\"0AEF75BE-5255-4A0E-9CF3-1DBBDF08A265\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:1.9:alpha6:*:*:*:*:*:*\",\"matchCriteriaId\":\"C238EDF9-FC34-4438-B081-DFE7388EC2D9\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24212CF8-4729-41AA-8293-1A81BC35928C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.0.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8D317E0F-C1E0-4D7E-9001-FC1896280452\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.1.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"891D98BD-DC0B-4A62-B2E9-7FB6598AE024\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha1:*:*:*:*:*:*\",\"matchCriteriaId\":\"52F16830-AD76-4154-88F5-087C32FD6237\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0437CCF-1216-419A-86F5-BD0383E69DF8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.1.0:beta1:*:*:*:*:*:*\",\"matchCriteriaId\":\"50B9564B-7382-481F-8CDE-B1F5224B4FCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"8472A7E3-F0C1-43F0-9B65-81041F62912C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"422198F6-1891-4D61-941A-DEF803BFDE24\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"94A14599-F0E0-4A41-91F0-4E2AABF6164D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:dlitz:pycrypto:2.4.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF8CFA40-2AB0-4E13-BDE9-966095C034B5\"}]}]}],\"references\":[{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://secunia.com/advisories/49263\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2012/dsa-2502\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:117\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/05/25/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.osvdb.org/82279\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://www.securityfocus.com/bid/53687\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://bugs.launchpad.net/pycrypto/+bug/985164\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/75871\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://hermes.opensuse.org/messages/15083589\",\"source\":\"cve@mitre.org\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://secunia.com/advisories/49263\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.debian.org/security/2012/dsa-2502\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.mandriva.com/security/advisories?name=MDVSA-2012:117\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.openwall.com/lists/oss-security/2012/05/25/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.osvdb.org/82279\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"http://www.securityfocus.com/bid/53687\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://bugs.launchpad.net/pycrypto/+bug/985164\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://exchange.xforce.ibmcloud.com/vulnerabilities/75871\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://hermes.opensuse.org/messages/15083589\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

OPENSUSE-SU-2024:10346-1

Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00

Summary

python-pycrypto-2.6.1-4.8 on GA media

Notes

Title of the patch

python-pycrypto-2.6.1-4.8 on GA media

Description of the patch

These are all security issues fixed in the python-pycrypto-2.6.1-4.8 package on the GA media of openSUSE Tumbleweed.

Patchnames

openSUSE-Tumbleweed-2024-10346

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "python-pycrypto-2.6.1-4.8 on GA media",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "These are all security issues fixed in the python-pycrypto-2.6.1-4.8 package on the GA media of openSUSE Tumbleweed.",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-Tumbleweed-2024-10346",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_10346-1.json"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2012-2417 page",
        "url": "https://www.suse.com/security/cve/CVE-2012-2417/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2013-1445 page",
        "url": "https://www.suse.com/security/cve/CVE-2013-1445/"
      }
    ],
    "title": "python-pycrypto-2.6.1-4.8 on GA media",
    "tracking": {
      "current_release_date": "2024-06-15T00:00:00Z",
      "generator": {
        "date": "2024-06-15T00:00:00Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2024:10346-1",
      "initial_release_date": "2024-06-15T00:00:00Z",
      "revision_history": [
        {
          "date": "2024-06-15T00:00:00Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-pycrypto-2.6.1-4.8.aarch64",
                "product": {
                  "name": "python-pycrypto-2.6.1-4.8.aarch64",
                  "product_id": "python-pycrypto-2.6.1-4.8.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-pycrypto-2.6.1-3.4.aarch64",
                "product": {
                  "name": "python3-pycrypto-2.6.1-3.4.aarch64",
                  "product_id": "python3-pycrypto-2.6.1-3.4.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-pycrypto-2.6.1-4.8.ppc64le",
                "product": {
                  "name": "python-pycrypto-2.6.1-4.8.ppc64le",
                  "product_id": "python-pycrypto-2.6.1-4.8.ppc64le"
                }
              },
              {
                "category": "product_version",
                "name": "python3-pycrypto-2.6.1-3.4.ppc64le",
                "product": {
                  "name": "python3-pycrypto-2.6.1-3.4.ppc64le",
                  "product_id": "python3-pycrypto-2.6.1-3.4.ppc64le"
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-pycrypto-2.6.1-4.8.s390x",
                "product": {
                  "name": "python-pycrypto-2.6.1-4.8.s390x",
                  "product_id": "python-pycrypto-2.6.1-4.8.s390x"
                }
              },
              {
                "category": "product_version",
                "name": "python3-pycrypto-2.6.1-3.4.s390x",
                "product": {
                  "name": "python3-pycrypto-2.6.1-3.4.s390x",
                  "product_id": "python3-pycrypto-2.6.1-3.4.s390x"
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "python-pycrypto-2.6.1-4.8.x86_64",
                "product": {
                  "name": "python-pycrypto-2.6.1-4.8.x86_64",
                  "product_id": "python-pycrypto-2.6.1-4.8.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "python3-pycrypto-2.6.1-3.4.x86_64",
                "product": {
                  "name": "python3-pycrypto-2.6.1-3.4.x86_64",
                  "product_id": "python3-pycrypto-2.6.1-3.4.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "openSUSE Tumbleweed",
                "product": {
                  "name": "openSUSE Tumbleweed",
                  "product_id": "openSUSE Tumbleweed",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:tumbleweed"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-pycrypto-2.6.1-4.8.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.aarch64"
        },
        "product_reference": "python-pycrypto-2.6.1-4.8.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-pycrypto-2.6.1-4.8.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.ppc64le"
        },
        "product_reference": "python-pycrypto-2.6.1-4.8.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-pycrypto-2.6.1-4.8.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.s390x"
        },
        "product_reference": "python-pycrypto-2.6.1-4.8.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python-pycrypto-2.6.1-4.8.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.x86_64"
        },
        "product_reference": "python-pycrypto-2.6.1-4.8.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-pycrypto-2.6.1-3.4.aarch64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.aarch64"
        },
        "product_reference": "python3-pycrypto-2.6.1-3.4.aarch64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-pycrypto-2.6.1-3.4.ppc64le as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.ppc64le"
        },
        "product_reference": "python3-pycrypto-2.6.1-3.4.ppc64le",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-pycrypto-2.6.1-3.4.s390x as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.s390x"
        },
        "product_reference": "python3-pycrypto-2.6.1-3.4.s390x",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "python3-pycrypto-2.6.1-3.4.x86_64 as component of openSUSE Tumbleweed",
          "product_id": "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.x86_64"
        },
        "product_reference": "python3-pycrypto-2.6.1-3.4.x86_64",
        "relates_to_product_reference": "openSUSE Tumbleweed"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2012-2417",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2012-2417"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.aarch64",
          "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.ppc64le",
          "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.s390x",
          "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.x86_64",
          "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.aarch64",
          "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.ppc64le",
          "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.s390x",
          "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2012-2417",
          "url": "https://www.suse.com/security/cve/CVE-2012-2417"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 764127 for CVE-2012-2417",
          "url": "https://bugzilla.suse.com/764127"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.aarch64",
            "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.ppc64le",
            "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.s390x",
            "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.x86_64",
            "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.aarch64",
            "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.ppc64le",
            "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.s390x",
            "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2012-2417"
    },
    {
      "cve": "CVE-2013-1445",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2013-1445"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.aarch64",
          "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.ppc64le",
          "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.s390x",
          "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.x86_64",
          "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.aarch64",
          "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.ppc64le",
          "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.s390x",
          "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2013-1445",
          "url": "https://www.suse.com/security/cve/CVE-2013-1445"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 846214 for CVE-2013-1445",
          "url": "https://bugzilla.suse.com/846214"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.aarch64",
            "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.ppc64le",
            "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.s390x",
            "openSUSE Tumbleweed:python-pycrypto-2.6.1-4.8.x86_64",
            "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.aarch64",
            "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.ppc64le",
            "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.s390x",
            "openSUSE Tumbleweed:python3-pycrypto-2.6.1-3.4.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2024-06-15T00:00:00Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2013-1445"
    }
  ]
}

GSD-2012-2417

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2012-2417

Aliases

CVE-2012-2417

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2012-2417",
    "description": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.",
    "id": "GSD-2012-2417",
    "references": [
      "https://www.suse.com/security/cve/CVE-2012-2417.html",
      "https://www.debian.org/security/2012/dsa-2502",
      "https://alas.aws.amazon.com/cve/html/CVE-2012-2417.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2012-2417"
      ],
      "details": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.",
      "id": "GSD-2012-2417",
      "modified": "2023-12-13T01:20:16.639401Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2012-2417",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-2502",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2012/dsa-2502"
          },
          {
            "name": "82279",
            "refsource": "OSVDB",
            "url": "http://www.osvdb.org/82279"
          },
          {
            "name": "FEDORA-2012-8470",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
          },
          {
            "name": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2",
            "refsource": "MISC",
            "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
          },
          {
            "name": "MDVSA-2012:117",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
          },
          {
            "name": "53687",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/53687"
          },
          {
            "name": "https://bugs.launchpad.net/pycrypto/+bug/985164",
            "refsource": "MISC",
            "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
          },
          {
            "name": "FEDORA-2012-8392",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
          },
          {
            "name": "49263",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/49263"
          },
          {
            "name": "FEDORA-2012-8490",
            "refsource": "FEDORA",
            "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
          },
          {
            "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
          },
          {
            "name": "openSUSE-SU-2012:0830",
            "refsource": "SUSE",
            "url": "https://hermes.opensuse.org/messages/15083589"
          },
          {
            "name": "pycrypto-keys-weak-security(75871)",
            "refsource": "XF",
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
          },
          {
            "name": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog",
            "refsource": "CONFIRM",
            "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.0.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.5",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.4.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.0.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.1:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.0.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.1.0:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:2.1.0:beta1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2012-2417"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-310"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
            },
            {
              "name": "https://bugs.launchpad.net/pycrypto/+bug/985164",
              "refsource": "MISC",
              "tags": [],
              "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
            },
            {
              "name": "[oss-security] 20120524 CVE-2012-2417 - PyCrypto \u003c= 2.5 insecure ElGamal key generation",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
            },
            {
              "name": "FEDORA-2012-8470",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
            },
            {
              "name": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
            },
            {
              "name": "49263",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/49263"
            },
            {
              "name": "FEDORA-2012-8490",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
            },
            {
              "name": "FEDORA-2012-8392",
              "refsource": "FEDORA",
              "tags": [],
              "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
            },
            {
              "name": "82279",
              "refsource": "OSVDB",
              "tags": [],
              "url": "http://www.osvdb.org/82279"
            },
            {
              "name": "53687",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/53687"
            },
            {
              "name": "openSUSE-SU-2012:0830",
              "refsource": "SUSE",
              "tags": [],
              "url": "https://hermes.opensuse.org/messages/15083589"
            },
            {
              "name": "DSA-2502",
              "refsource": "DEBIAN",
              "tags": [],
              "url": "http://www.debian.org/security/2012/dsa-2502"
            },
            {
              "name": "MDVSA-2012:117",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
            },
            {
              "name": "pycrypto-keys-weak-security(75871)",
              "refsource": "XF",
              "tags": [],
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2017-08-29T01:31Z",
      "publishedDate": "2012-06-17T03:41Z"
    }
  }
}

FKIE_CVE-2012-2417

Vulnerability from fkie_nvd - Published: 2012-06-17 03:41 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html
cve@mitre.org	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html
cve@mitre.org	http://secunia.com/advisories/49263	Vendor Advisory
cve@mitre.org	http://www.debian.org/security/2012/dsa-2502
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2012:117
cve@mitre.org	http://www.openwall.com/lists/oss-security/2012/05/25/1
cve@mitre.org	http://www.osvdb.org/82279
cve@mitre.org	http://www.securityfocus.com/bid/53687
cve@mitre.org	https://bugs.launchpad.net/pycrypto/+bug/985164
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/75871
cve@mitre.org	https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2	Exploit, Patch
cve@mitre.org	https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog
cve@mitre.org	https://hermes.opensuse.org/messages/15083589
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/49263	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2012/dsa-2502
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2012:117
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2012/05/25/1
af854a3a-2127-422b-91ae-364da2661108	http://www.osvdb.org/82279
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/53687
af854a3a-2127-422b-91ae-364da2661108	https://bugs.launchpad.net/pycrypto/+bug/985164
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/75871
af854a3a-2127-422b-91ae-364da2661108	https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog
af854a3a-2127-422b-91ae-364da2661108	https://hermes.opensuse.org/messages/15083589

Impacted products

Vendor	Product	Version
dlitz	pycrypto	*
dlitz	pycrypto	1.0.0
dlitz	pycrypto	1.0.1
dlitz	pycrypto	1.0.2
dlitz	pycrypto	1.1
dlitz	pycrypto	1.9
dlitz	pycrypto	1.9
dlitz	pycrypto	1.9
dlitz	pycrypto	1.9
dlitz	pycrypto	1.9
dlitz	pycrypto	1.9
dlitz	pycrypto	2.0
dlitz	pycrypto	2.0.1
dlitz	pycrypto	2.1.0
dlitz	pycrypto	2.1.0
dlitz	pycrypto	2.1.0
dlitz	pycrypto	2.1.0
dlitz	pycrypto	2.2
dlitz	pycrypto	2.3
dlitz	pycrypto	2.4
dlitz	pycrypto	2.4.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F321706-6D4D-4735-A12D-12053A46AA4A",
              "versionEndIncluding": "2.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DF4C8BD3-24B8-4175-8D56-C870426EB797",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "32A09EC4-6F0F-4C33-991E-80C739B823AA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "2CCC2E0E-2253-49B8-9E42-391CD50D8D12",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.1:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "CF21F7F0-84D8-44C9-99B5-CE98B58D3AB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "8C16BEF3-223C-4B45-A18B-D7A02AEDC996",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "17269B2D-6DC5-4461-9B5E-C2117B64BE8E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha3:*:*:*:*:*:*",
              "matchCriteriaId": "8D987E42-7693-432F-8763-7E61370DB855",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha4:*:*:*:*:*:*",
              "matchCriteriaId": "1F10AF89-1388-4C90-878F-80FFB2FB8433",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha5:*:*:*:*:*:*",
              "matchCriteriaId": "0AEF75BE-5255-4A0E-9CF3-1DBBDF08A265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha6:*:*:*:*:*:*",
              "matchCriteriaId": "C238EDF9-FC34-4438-B081-DFE7388EC2D9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "24212CF8-4729-41AA-8293-1A81BC35928C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D317E0F-C1E0-4D7E-9001-FC1896280452",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "891D98BD-DC0B-4A62-B2E9-7FB6598AE024",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha1:*:*:*:*:*:*",
              "matchCriteriaId": "52F16830-AD76-4154-88F5-087C32FD6237",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha2:*:*:*:*:*:*",
              "matchCriteriaId": "C0437CCF-1216-419A-86F5-BD0383E69DF8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:beta1:*:*:*:*:*:*",
              "matchCriteriaId": "50B9564B-7382-481F-8CDE-B1F5224B4FCA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8472A7E3-F0C1-43F0-9B65-81041F62912C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "422198F6-1891-4D61-941A-DEF803BFDE24",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "94A14599-F0E0-4A41-91F0-4E2AABF6164D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:dlitz:pycrypto:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EF8CFA40-2AB0-4E13-BDE9-966095C034B5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key."
    },
    {
      "lang": "es",
      "value": "Pycrypto anterior a v2.6 no genera adecuadamente los n\u00fameros primos cuando se utiliza un esquema basado en ElGamal para generar una clave, lo que reduce el espacio de la firma o el espacio de claves p\u00fablica y hace m\u00e1s f\u00e1cil para los atacantes para llevar a cabo ataques de fuerza bruta para obtener la clave privada."
    }
  ],
  "id": "CVE-2012-2417",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-06-17T03:41:40.763",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49263"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.debian.org/security/2012/dsa-2502"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.osvdb.org/82279"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/53687"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://hermes.opensuse.org/messages/15083589"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/49263"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2502"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.osvdb.org/82279"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/53687"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://hermes.opensuse.org/messages/15083589"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GHSA-V367-P58W-98H5

Vulnerability from github – Published: 2022-05-17 01:46 – Updated: 2024-10-21 20:04

Summary

PyCrypto makes Use of Insufficiently Random Values

Details

Severity ?

5.3 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "PyCrypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2012-2417"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-30T14:35:18Z",
    "nvd_published_at": "2012-06-17T03:41:00Z",
    "severity": "MODERATE"
  },
  "details": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.",
  "id": "GHSA-v367-p58w-98h5",
  "modified": "2024-10-21T20:04:17Z",
  "published": "2022-05-17T01:46:08Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2417"
    },
    {
      "type": "WEB",
      "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/Legrandin/pycrypto"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/pycrypto/PYSEC-2012-16.yaml"
    },
    {
      "type": "WEB",
      "url": "https://hermes.opensuse.org/messages/15083589"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20140724111917/http://secunia.com/advisories/49263"
    },
    {
      "type": "WEB",
      "url": "https://web.archive.org/web/20200228184120/http://www.securityfocus.com/bid/53687"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2012/dsa-2502"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "PyCrypto makes Use of Insufficiently Random Values"
}

CERTA-2012-AVI-299

Vulnerability from certfr_avis - Published: - Updated:

Une vulnérabilité a été corrigée dans PyCrypto. Une erreur dans la génération des clés ElGamal permet à un attaquant de reduire grandement l'espace de clés dans le cas d'une attaque par recherche exhaustive.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation). La version 2.6 de PyCrypto corrige le problème. Les clés ElGamal générées avec une version antérieure devront être regénérées.

PyCrypto versions 2.5 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Journal de modifications de version de PyCrypto	None	vendor-advisory
Référence CVE CVE-2012-2417 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003ePyCrypto versions 2.5 et ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). La version 2.6 de PyCrypto\ncorrige le probl\u00e8me. Les cl\u00e9s ElGamal g\u00e9n\u00e9r\u00e9es avec une version\nant\u00e9rieure devront \u00eatre reg\u00e9n\u00e9r\u00e9es.\n",
  "cves": [
    {
      "name": "CVE-2012-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2417"
    }
  ],
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2012-2417 :",
      "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2417"
    }
  ],
  "reference": "CERTA-2012-AVI-299",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-05-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans PyCrypto. Une erreur dans la\ng\u00e9n\u00e9ration des cl\u00e9s ElGamal permet \u00e0 un attaquant de reduire grandement\nl\u0027espace de cl\u00e9s dans le cas d\u0027une attaque par recherche exhaustive.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans PyCrypto",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Journal de modifications de version de PyCrypto",
      "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
    }
  ]
}

CERTA-2012-AVI-299

Vulnerability from certfr_avis - Published: - Updated:

Solution

PyCrypto versions 2.5 et antérieures.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Journal de modifications de version de PyCrypto	None	vendor-advisory
Référence CVE CVE-2012-2417 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cp\u003ePyCrypto versions 2.5 et ant\u00e9rieures.\u003c/p\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation). La version 2.6 de PyCrypto\ncorrige le probl\u00e8me. Les cl\u00e9s ElGamal g\u00e9n\u00e9r\u00e9es avec une version\nant\u00e9rieure devront \u00eatre reg\u00e9n\u00e9r\u00e9es.\n",
  "cves": [
    {
      "name": "CVE-2012-2417",
      "url": "https://www.cve.org/CVERecord?id=CVE-2012-2417"
    }
  ],
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2012-2417 :",
      "url": "http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-2417"
    }
  ],
  "reference": "CERTA-2012-AVI-299",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2012-05-30T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 a \u00e9t\u00e9 corrig\u00e9e dans PyCrypto. Une erreur dans la\ng\u00e9n\u00e9ration des cl\u00e9s ElGamal permet \u00e0 un attaquant de reduire grandement\nl\u0027espace de cl\u00e9s dans le cas d\u0027une attaque par recherche exhaustive.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans PyCrypto",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Journal de modifications de version de PyCrypto",
      "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
    }
  ]
}

PYSEC-2012-16

Vulnerability from pysec - Published: 2012-06-17 03:41 - Updated: 2021-08-27 03:22

Details

Impacted products

Name	purl
pycrypto	pkg:pypi/pycrypto

Aliases

CVE-2012-2417

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "pycrypto",
        "purl": "pkg:pypi/pycrypto"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "9f912f13df99ad3421eff360d6a62d7dbec755c2"
            }
          ],
          "repo": "https://github.com/Legrandin/pycrypto",
          "type": "GIT"
        },
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "2.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ],
      "versions": [
        "1.9a2",
        "1.9a5",
        "1.9a6",
        "2.0",
        "2.0.1",
        "2.1.0",
        "2.2",
        "2.3",
        "2.4",
        "2.4.1",
        "2.5"
      ]
    }
  ],
  "aliases": [
    "CVE-2012-2417"
  ],
  "details": "PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.",
  "id": "PYSEC-2012-16",
  "modified": "2021-08-27T03:22:16.601238Z",
  "published": "2012-06-17T03:41:00Z",
  "references": [
    {
      "type": "FIX",
      "url": "https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2"
    },
    {
      "type": "WEB",
      "url": "https://bugs.launchpad.net/pycrypto/+bug/985164"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2012/05/25/1"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html"
    },
    {
      "type": "WEB",
      "url": "https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog"
    },
    {
      "type": "ADVISORY",
      "url": "http://secunia.com/advisories/49263"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html"
    },
    {
      "type": "WEB",
      "url": "http://www.osvdb.org/82279"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/53687"
    },
    {
      "type": "WEB",
      "url": "https://hermes.opensuse.org/messages/15083589"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.debian.org/security/2012/dsa-2502"
    },
    {
      "type": "ADVISORY",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:117"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/75871"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2012-2417 (GCVE-0-2012-2417)

OPENSUSE-SU-2024:10346-1

GSD-2012-2417

FKIE_CVE-2012-2417

GHSA-V367-P58W-98H5

CERTA-2012-AVI-299

Solution

CERTA-2012-AVI-299

Solution

PYSEC-2012-16

Tags

Sightings

Nomenclature