CVE-2013-7459 log
Source |
|
Severity | Critical |
Remote | Yes |
Type | Arbitrary code execution |
Description | A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution. All users of pycrypto's AES module that allow the mode of operation to be specified by an attacker, check for ECB explicitly and create the objects without specifying an IV are vulnerable to this issue. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-118 | python-crypto, python2-crypto | 2.6.1-4 | 2.6.1-5 | Critical | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
15 Jan 2017 | ASA-201701-26 | AVG-118 | python-crypto | Critical | arbitrary code execution |
15 Jan 2017 | ASA-201701-25 | AVG-118 | python2-crypto | Critical | arbitrary code execution |
References |
---|
https://github.com/dlitz/pycrypto/issues/176 https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 http://seclists.org/oss-sec/2016/q4/760 |
Notes |
---|
folowing code causes crash: >>> from Crypto.Cipher import AES >>> AES.new(b'\000' * 16, AES.MODE_ECB, b'\000' * 555) <Crypto.Cipher.AES.AESCipher instance at 0x7f727e0afcf8> *** Error in `python2': malloc(): memory corruption: 0x000055aa93800c00 *** |