Skip to main content

Pycryptodome

2 CVEs product

Monthly

CVE-2023-52323 PyPI MEDIUM PATCH This Month

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Pycryptodome Pycryptodomex
NVD GitHub
CVSS 3.1
5.9
EPSS
0.1%
CVE-2018-15560 PyPI HIGH POC PATCH This Week

PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Pycryptodome
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
EPSS 0% CVSS 5.9
MEDIUM PATCH This Month

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required.

Information Disclosure Pycryptodome Pycryptodomex
NVD GitHub
EPSS 2% CVSS 7.5
HIGH POC PATCH This Week

PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Integer Overflow Buffer Overflow Pycryptodome
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy