CVE-2018-15560

Опубликовано: 20 авг. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes.

Ссылки

https://github.com/Legrandin/pycryptodome/issues/198
Exploit
Third Party Advisory
https://whitehatck01.blogspot.com/2018/08/integer-overflow-vulnerability-in.html
Exploit
Third Party Advisory
https://github.com/Legrandin/pycryptodome/issues/198
Exploit
Third Party Advisory
https://whitehatck01.blogspot.com/2018/08/integer-overflow-vulnerability-in.html
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:pycryptodome:pycryptodome:*:*:*:*:*:*:*:*

Версия до 3.6.6 (исключая)

EPSS

Процентиль: 55%

0.00328

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-190

Связанные уязвимости

CVE-2018-15560

CVSS3: 7.5

ubuntu

больше 7 лет назад

CVE-2018-15560

CVSS3: 7.5

debian

больше 7 лет назад

PyCryptodome before 3.6.6 has an integer overflow in the data_len vari ...

GHSA-hgg3-g7gr-66r7

CVSS3: 7.5

github

больше 7 лет назад

PyCryptodome integer overflow vulnerability

EPSS

Процентиль: 55%

0.00328

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-190