PYSEC-2018-97

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pycrypto/PYSEC-2018-97.yaml

JSON Data

https://api.osv.dev/v1/vulns/PYSEC-2018-97

Aliases

CVE-2018-6594
GHSA-6528-wvf6-f6qg

Published

2018-02-03T15:29:00Z

Modified

2023-11-08T04:00:21.756085Z

Summary

[none]

Details

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

References

https://github.com/TElgamal/attack-on-pycrypto-elgamal
https://github.com/dlitz/pycrypto/issues/253
https://lists.debian.org/debian-lts-announce/2018/02/msg00018.html
https://usn.ubuntu.com/3616-1/
https://usn.ubuntu.com/3616-2/
https://security.gentoo.org/glsa/202007-62
https://github.com/advisories/GHSA-6528-wvf6-f6qg

Affected packages

PyPI / pycrypto

Package

Name: pycrypto; View open source insights on deps.dev
Purl: pkg:pypi/pycrypto

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.9a2

1.9a5

1.9a6

2.*

2.0

2.0.1

2.1.0

2.2

2.3

2.4

2.4.1

2.5

2.6

2.6.1