PYSEC-2013-29

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/pycrypto/PYSEC-2013-29.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2013-29

Aliases

CVE-2013-1445
GHSA-x377-f64p-hf5j

Published

2013-10-26T17:55:00Z

Modified

2024-04-22T23:12:43.068674Z

Summary

[none]

Details

The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.

References

Affected packages

PyPI / pycrypto

Package

Name: pycrypto; View open source insights on deps.dev
Purl: pkg:pypi/pycrypto

Affected ranges

Type: GIT
Repo: https://github.com/dlitz/pycrypto
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

19dcf7b15d61b7dc1a125a367151de40df6ef175

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.6.1

Affected versions

1.*

1.9a2

1.9a5

1.9a6

2.*

2.0

2.0.1

2.1.0

2.2

2.3

2.4

2.4.1

2.5

2.6