CVE-2013-7459 log

Severity Critical
Remote Yes
Type Arbitrary code execution
A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution. All users of pycrypto's AES module that allow the mode of operation to be specified by an attacker, check for ECB explicitly and create the objects without specifying an IV are vulnerable to this issue.
Group Package Affected Fixed Severity Status Ticket
AVG-118 python-crypto, python2-crypto 2.6.1-4 2.6.1-5 Critical Fixed
Date Advisory Group Package Severity Type
15 Jan 2017 ASA-201701-26 AVG-118 python-crypto Critical arbitrary code execution
15 Jan 2017 ASA-201701-25 AVG-118 python2-crypto Critical arbitrary code execution
folowing code causes crash:
>>> from Crypto.Cipher import AES
>>>'\000' * 16, AES.MODE_ECB, b'\000' * 555)
<Crypto.Cipher.AES.AESCipher instance at 0x7f727e0afcf8>
*** Error in `python2': malloc(): memory corruption: 0x000055aa93800c00 ***