Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS14Mzc3LWY2NHAtaGY1as4AAe7b
PyCrypto does not properly reseed PRNG before allowing access
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
Permalink: https://github.com/advisories/GHSA-x377-f64p-hf5j
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS14Mzc3LWY2NHAtaGY1as4AAe7b
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: 16 days ago
Identifiers: GHSA-x377-f64p-hf5j, CVE-2013-1445
References:
- https://nvd.nist.gov/vuln/detail/CVE-2013-1445
- https://github.com/dlitz/pycrypto/commit/19dcf7b15d61b7dc1a125a367151de40df6ef175
- http://www.debian.org/security/2013/dsa-2781
- http://www.openwall.com/lists/oss-security/2013/10/17/3
- https://github.com/advisories/GHSA-x377-f64p-hf5j
Blast Radius: 0.0
Affected Packages
pypi:pycrypto
Dependent packages: 201
Dependent repositories: 30,404
Downloads: 8,373,600 last month
Affected Version Ranges: < 2.6.1
Fixed in: 2.6.1
All affected versions: 2.0.1, 2.1.0, 2.4.1
All unaffected versions: 2.6.1