CVE-2012-2417

Published Jun 17, 2012

Last updated 7 years ago

CVSS info 4.3

Overview

Description: PyCrypto before 2.6 does not produce appropriate prime numbers when using an ElGamal scheme to generate a key, which reduces the signature space or public key space and makes it easier for attackers to conduct brute force attacks to obtain the private key.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.3
Impact score: 2.9
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:N/I:P/A:N

Weaknesses

nvd@nist.gov: CWE-310

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F321706-6D4D-4735-A12D-12053A46AA4A",
            "versionEndIncluding": "2.5"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DF4C8BD3-24B8-4175-8D56-C870426EB797"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "32A09EC4-6F0F-4C33-991E-80C739B823AA"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:1.0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2CCC2E0E-2253-49B8-9E42-391CD50D8D12"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:1.1:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CF21F7F0-84D8-44C9-99B5-CE98B58D3AB0"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8C16BEF3-223C-4B45-A18B-D7A02AEDC996"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17269B2D-6DC5-4461-9B5E-C2117B64BE8E"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D987E42-7693-432F-8763-7E61370DB855"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1F10AF89-1388-4C90-878F-80FFB2FB8433"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0AEF75BE-5255-4A0E-9CF3-1DBBDF08A265"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:1.9:alpha6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C238EDF9-FC34-4438-B081-DFE7388EC2D9"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24212CF8-4729-41AA-8293-1A81BC35928C"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8D317E0F-C1E0-4D7E-9001-FC1896280452"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "891D98BD-DC0B-4A62-B2E9-7FB6598AE024"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "52F16830-AD76-4154-88F5-087C32FD6237"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0437CCF-1216-419A-86F5-BD0383E69DF8"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:2.1.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50B9564B-7382-481F-8CDE-B1F5224B4FCA"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8472A7E3-F0C1-43F0-9B65-81041F62912C"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "422198F6-1891-4D61-941A-DEF803BFDE24"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "94A14599-F0E0-4A41-91F0-4E2AABF6164D"
          },
          {
            "criteria": "cpe:2.3:a:dlitz:pycrypto:2.4.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EF8CFA40-2AB0-4E13-BDE9-966095C034B5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References