| Severity |
|
| Remote |
|
| Type |
| + |
Arbitrary code execution |
|
| Description |
| + |
A heap-buffer overflow vulnerability was discovered in pycrypto leading to arbitrary code execution. All users of pycrypto's AES module that allow the mode of operation to be specified by an attacker, check for ECB explicitly and create the objects without specifying an IV are vulnerable to this issue. |
|
| References |
| + |
https://github.com/dlitz/pycrypto/issues/176 |
| + |
https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4 |
| + |
http://seclists.org/oss-sec/2016/q4/760 |
|
| Notes |
| + |
folowing code causes crash: |
| + |
>>> from Crypto.Cipher import AES |
| + |
>>> AES.new(b'\000' * 16, AES.MODE_ECB, b'\000' * 555) |
| + |
<Crypto.Cipher.AES.AESCipher instance at 0x7f727e0afcf8> |
| + |
*** Error in `python2': malloc(): memory corruption: 0x000055aa93800c00 *** |
|