pycrypto

pypiv2.6.1

Cryptographic modules for Python.

License: Public domain13 versions1 maintainers0 deps
32
/100
Health Score

Recommendation

[email protected] low health (32/100) — consider alternatives

Update to >= 8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 to fix known vulnerabilities

  • - Low health score (32/100)

Health Breakdown

0/25
maintenance
0/20
popularity
21/25
security
9/15
maturity
2/15
community

Vulnerabilities (4)

2 medium2 low
medium
CVE-2018-6594

Pycrypto generates weak key parameters

medium
CVE-2013-7459

Buffer Overflow in pycrypto

unknown
CVE-2013-7459

Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.

Fixed in 8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4

unknown
CVE-2018-6594

lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.

API Access

Get this data programmatically — free, no authentication required:

curl https://depscope.dev/api/check/pypi/pycrypto

Last updated: 2014-06-20T08:10:20.813938Z

Data from DepScope — Package Intelligence for AI Agents

pycrypto — Health Score 32/100 | DepScope