CVE-2018-15560

Source
https://cve.org/CVERecord?id=CVE-2018-15560
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15560.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2018-15560
Aliases
Published
2018-08-20T00:29:00.697Z
Modified
2026-04-10T04:06:53.698772Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Summary
[none]
Details

PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes.

References

Affected packages

Git / github.com/legrandin/pycryptodome

Affected ranges

Type
GIT
Repo
https://github.com/legrandin/pycryptodome
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.6.6"
        }
    ]
}

Affected versions

v3.*
v3.0
v3.0rc1
v3.0rc2
v3.0rc3
v3.1
v3.2
v3.2.1
v3.3
v3.3.1
v3.4
v3.4.1
v3.4.10
v3.4.11
v3.4.12
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.4.8
v3.4.9
v3.5.1
v3.6.0
v3.6.1
v3.6.2
v3.6.3
v3.6.4
v3.6.5
v3.6.6

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15560.json"