PYSEC-2018-21

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/pycryptodome/PYSEC-2018-21.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2018-21
Aliases
Published
2018-08-20T00:29:00Z
Modified
2023-11-08T03:59:57.665352Z
Summary
[none]
Details

PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes.

References

Affected packages

PyPI / pycryptodome

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (unknown introduced version; all previous versions are affected)
Fixed
3.6.6

Affected versions

3.*

3.0rc1
3.0
3.1
3.2
3.2.1
3.3
3.3.1
3.4
3.4.3
3.4.4
3.4.5
3.4.6
3.4.7
3.4.8
3.4.9
3.4.11
3.5.0
3.5.1
3.6.0
3.6.1
3.6.3
3.6.4
3.6.5