CVE-2012-2417

PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
dlitzpycrypto
𝑥
≤ 2.5
dlitzpycrypto
1.0.0
dlitzpycrypto
1.0.1
dlitzpycrypto
1.0.2
dlitzpycrypto
1.1:alpha2
dlitzpycrypto
1.9:alpha1
dlitzpycrypto
1.9:alpha2
dlitzpycrypto
1.9:alpha3
dlitzpycrypto
1.9:alpha4
dlitzpycrypto
1.9:alpha5
dlitzpycrypto
1.9:alpha6
dlitzpycrypto
2.0
dlitzpycrypto
2.0.1
dlitzpycrypto
2.1.0
dlitzpycrypto
2.1.0:alpha1
dlitzpycrypto
2.1.0:alpha2
dlitzpycrypto
2.1.0:beta1
dlitzpycrypto
2.2
dlitzpycrypto
2.3
dlitzpycrypto
2.4
dlitzpycrypto
2.4.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-crypto
precise
Fixed 2.4.1-1ubuntu0.1
released
oneiric
Fixed 2.3-2ubuntu0.1
released
natty
Fixed 2.1.0-2ubuntu1.1
released
lucid
Fixed 2.0.1+dfsg1-4ubuntu2.2
released
hardy
ignored
Common Weakness Enumeration
References
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html
http://secunia.com/advisories/49263
http://www.debian.org/security/2012/dsa-2502
http://www.mandriva.com/security/advisories?name=MDVSA-2012:117
http://www.openwall.com/lists/oss-security/2012/05/25/1
http://www.osvdb.org/82279
http://www.securityfocus.com/bid/53687
https://bugs.launchpad.net/pycrypto/+bug/985164
https://exchange.xforce.ibmcloud.com/vulnerabilities/75871
https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2
https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog
https://hermes.opensuse.org/messages/15083589
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081713.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081759.html
http://lists.fedoraproject.org/pipermail/package-announce/2012-June/081789.html
http://secunia.com/advisories/49263
http://www.debian.org/security/2012/dsa-2502
http://www.mandriva.com/security/advisories?name=MDVSA-2012:117
http://www.openwall.com/lists/oss-security/2012/05/25/1
http://www.osvdb.org/82279
http://www.securityfocus.com/bid/53687
https://bugs.launchpad.net/pycrypto/+bug/985164
https://exchange.xforce.ibmcloud.com/vulnerabilities/75871
https://github.com/Legrandin/pycrypto/commit/9f912f13df99ad3421eff360d6a62d7dbec755c2
https://github.com/dlitz/pycrypto/blob/373ea760f21701b162e8c4912a66928ee30d401a/ChangeLog
https://hermes.opensuse.org/messages/15083589