资产安全
商业安全
安全服务
返回- 漏洞ID:1143539
- 漏洞类型:缓冲区溢出
- 发布日期:2016-12-26
- 更新时间:2017-03-07
- CVE编号:CVE-2013-7459
- CNNVD-ID:CNNVD-201612-746
- 漏洞平台:N/A
- CVSS评分:7.5
<a href="https://www.securityfocus.com/bid/95122" target="_blank">https://www.securityfocus.com/bid/95122</a><br/> <a href="http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201612-746" target="_blank">http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201612-746</a><br/>
PythonCryptographyToolkit(又名pycrypto)是一个使用Python编写的加密工具包,它包含了MD5、AES、DES3等加密算法。PythonCryptographyToolkit中的block_templace.c文件的‘ALGnew’函数存在基于堆的缓冲区溢出漏洞。远程攻击者可通过向cryptmsg.py文件发送‘iv’参数利用该漏洞执行任意代码。
来源:BID
链接:http://www.securityfocus.com/bid/95122
来源:github.com
链接:https://github.com/dlitz/pycrypto/commit/8dbe0dc3eea5c689d4f76b37b93fe216cf1f00d4
来源:MLIST
链接:http://www.openwall.com/lists/oss-security/2016/12/27/8
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RJ37R2YLX56YZABFNAOWV4VTHTGYREAE/
来源:pony7.fr
链接:https://pony7.fr/ctf:public:32c3:cryptmsg
来源:bugzilla.redhat.com
链接:https://bugzilla.redhat.com/show_bug.cgi?id=1409754
来源:github.com
链接:https://github.com/dlitz/pycrypto/issues/176
来源:FEDORA
链接:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/C6BWNADPLKDBBQBUT3P75W7HAJCE7M3B/
微信扫码关注公众号
