CVE-2013-7459 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Critical
Remote	Yes
Type	Arbitrary code execution
Description	A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution. All users of pycrypto's AES module that allow the mode of operation to be specified by an attacker, check for ECB explicitly and create the objects without specifying an IV are vulnerable to this issue.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-118	python-crypto, python2-crypto	2.6.1-4	2.6.1-5	Critical	Fixed

Date	Advisory	Group	Package	Severity	Type
15 Jan 2017	ASA-201701-26	AVG-118	python-crypto	Critical	arbitrary code execution
15 Jan 2017	ASA-201701-25	AVG-118	python2-crypto	Critical	arbitrary code execution

References
https://github.com/dlitz/pycrypto/issues/176 https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 http://seclists.org/oss-sec/2016/q4/760

Notes
folowing code causes crash: >>> from Crypto.Cipher import AES >>> AES.new(b'\000' * 16, AES.MODE_ECB, b'\000' * 555) <Crypto.Cipher.AES.AESCipher instance at 0x7f727e0afcf8> * Error in `python2': malloc(): memory corruption: 0x000055aa93800c00 *

Notes

folowing code causes crash:
>>> from Crypto.Cipher import AES
>>> AES.new(b'\000' * 16, AES.MODE_ECB, b'\000' * 555)
<Crypto.Cipher.AES.AESCipher instance at 0x7f727e0afcf8>
*** Error in `python2': malloc(): memory corruption: 0x000055aa93800c00 ***