FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-04-23 14:57:51 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID: 5a021595-fba9-11dd-86f3-0030843d3802
Description: pycrypto -- ARC2 module buffer overflow

Dwayne C. Litzenberger reports:

pycrypto is exposed to a buffer overflow issue because it fails to adequately verify user-supplied input. This issue resides in the ARC2 module. This issue can be triggered with specially crafted ARC2 keys in excess of 128 bytes.


Discovery: 2009-02-06
Entry: 2009-02-15
Affected package: py-pycrypto < 2.0.1_2

http://lists.dlitz.net/pipermail/pycrypto/2009q1/000062.html
VuXML ID: f45c0049-be72-11e1-a284-0023ae8e59f0
Description: pycrypto -- vulnerable ElGamal key generation

Dwayne C. Litzenberger of PyCrypto reports:

In the ElGamal schemes (for both encryption and signatures), g is supposed to be the generator of the entire Z^*_p group. However, in PyCrypto 2.5 and earlier, g is more simply the generator of a random sub-group of Z^*_p.

The result is that the signature space (when the key is used for signing) or the public key space (when the key is used for encryption) may be greatly reduced from its expected size of log(p) bits, possibly down to 1 bit (the worst case if the order of g is 2).

While it has not been confirmed, it has also been suggested that an attacker might be able to use this fact to determine the private key.

Anyone using ElGamal keys should generate new keys as soon as practical.

Any additional information about this bug will be tracked at https://bugs.launchpad.net/pycrypto/+bug/985164


Discovery: 2012-05-24
Entry: 2012-06-24
Affected package: py-pycrypto >= 2.5, < 2.6

CVE-2012-2417
http://lists.dlitz.net/pipermail/pycrypto/2012q2/000587.html
https://bugs.launchpad.net/pycrypto/+bug/985164