Description
PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.
References (14)
Core 14
Core References
Issue Tracking x_refsource_misc
https://bugs.launchpad.net/pycrypto/+bug/985164
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2502
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/82279
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html
Exploit, Patch x_refsource_misc
https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:117
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53687
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49263
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/05/25/1
Various Sources vendor-advisory
x_refsource_suse
https://hermes.opensuse.org/messages/15083589
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75871
Various Sources x_refsource_confirm
https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog
Scores
EPSS
0.0273
EPSS Percentile
84.3%
Details
CWE
CWE-310
Status
published
Products (14)
dlitz/pycrypto
1.0.0
dlitz/pycrypto
1.0.1
dlitz/pycrypto
1.0.2
dlitz/pycrypto
1.1 alpha2
dlitz/pycrypto
1.9 alpha1 (6 CPE variants)
dlitz/pycrypto
2.0
dlitz/pycrypto
2.0.1
dlitz/pycrypto
2.1.0 (4 CPE variants)
dlitz/pycrypto
2.2
dlitz/pycrypto
2.3
... and 4 more
Published
Jun 17, 2012
Tracked Since
Feb 18, 2026