CVE-2012-2417

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html
http://secunia.com/advisories/49263	Vendor Advisory
http://www.debian.org/security/2012/dsa-2502
http://www.mandriva.com/security/advisories?name=MDVSA-2012:117
http://www.openwall.com/lists/oss-security/2012/05/25/1
http://www.osvdb.org/82279
http://www.securityfocus.com/bid/53687
https://bugs.launchpad.net/pycrypto/+bug/985164
https://exchange.xforce.ibmcloud.com/vulnerabilities/75871
https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2	Exploit Patch
https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog
https://hermes.opensuse.org/messages/15083589
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html
http://secunia.com/advisories/49263	Vendor Advisory
http://www.debian.org/security/2012/dsa-2502
http://www.mandriva.com/security/advisories?name=MDVSA-2012:117
http://www.openwall.com/lists/oss-security/2012/05/25/1
http://www.osvdb.org/82279
http://www.securityfocus.com/bid/53687
https://bugs.launchpad.net/pycrypto/+bug/985164
https://exchange.xforce.ibmcloud.com/vulnerabilities/75871
https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2	Exploit Patch
https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog
https://hermes.opensuse.org/messages/15083589

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:dlitz:pycrypto::::::::
	cpe:2.3:a:dlitz:pycrypto:1.0.0:::::::*
	cpe:2.3:a:dlitz:pycrypto:1.0.1:::::::*
	cpe:2.3:a:dlitz:pycrypto:1.0.2:::::::*
	cpe:2.3:a:dlitz:pycrypto:1.1:alpha2::::::
	cpe:2.3:a:dlitz:pycrypto:1.9:alpha1::::::
	cpe:2.3:a:dlitz:pycrypto:1.9:alpha2::::::
	cpe:2.3:a:dlitz:pycrypto:1.9:alpha3::::::
	cpe:2.3:a:dlitz:pycrypto:1.9:alpha4::::::
	cpe:2.3:a:dlitz:pycrypto:1.9:alpha5::::::
	cpe:2.3:a:dlitz:pycrypto:1.9:alpha6::::::
	cpe:2.3:a:dlitz:pycrypto:2.0:::::::*
	cpe:2.3:a:dlitz:pycrypto:2.0.1:::::::*
	cpe:2.3:a:dlitz:pycrypto:2.1.0:::::::*
	cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha1::::::
	cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha2::::::
	cpe:2.3:a:dlitz:pycrypto:2.1.0:beta1::::::
	cpe:2.3:a:dlitz:pycrypto:2.2:::::::*
	cpe:2.3:a:dlitz:pycrypto:2.3:::::::*
	cpe:2.3:a:dlitz:pycrypto:2.4:::::::*
	cpe:2.3:a:dlitz:pycrypto:2.4.1:::::::*

History

21 Nov 2024, 01:39

Type	Values Removed	Values Added
References	~~() http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html -~~	() http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html -
References	~~() http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html -~~	() http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html -
References	~~() http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html -~~	() http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html -
References	~~() http://secunia.com/advisories/49263 - Vendor Advisory~~	() http://secunia.com/advisories/49263 - Vendor Advisory
References	~~() http://www.debian.org/security/2012/dsa-2502 -~~	() http://www.debian.org/security/2012/dsa-2502 -
References	~~() http://www.mandriva.com/security/advisories?name=MDVSA-2012:117 -~~	() http://www.mandriva.com/security/advisories?name=MDVSA-2012:117 -
References	~~() http://www.openwall.com/lists/oss-security/2012/05/25/1 -~~	() http://www.openwall.com/lists/oss-security/2012/05/25/1 -
References	~~() http://www.osvdb.org/82279 -~~	() http://www.osvdb.org/82279 -
References	~~() http://www.securityfocus.com/bid/53687 -~~	() http://www.securityfocus.com/bid/53687 -
References	~~() https://bugs.launchpad.net/pycrypto/+bug/985164 -~~	() https://bugs.launchpad.net/pycrypto/+bug/985164 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/75871 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/75871 -
References	~~() https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2 - Exploit, Patch~~	() https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2 - Exploit, Patch
References	~~() https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog -~~	() https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog -
References	~~() https://hermes.opensuse.org/messages/15083589 -~~	() https://hermes.opensuse.org/messages/15083589 -

Information

Published : 2012-06-17 03:41

Updated : 2025-04-11 00:51

NVD link : CVE-2012-2417

Mitre link : CVE-2012-2417

CVE.ORG link : CVE-2012-2417

JSON object : View

Products Affected

dlitz

pycrypto

CWE

CWE-310

Cryptographic Issues

4.3 /10