ALT-PU-2024-12930-2
Package python3-module-pycryptodome updated to version 3.20.0-alt1 for branch sisyphus in task 338683.
Closed vulnerabilities
Published: 2024-01-17
Modified: 2024-05-06
Modified: 2024-05-06
BDU:2024-00329
Уязвимость библиотек для генерации биткоин-адресов и приватных ключей PyCryptodome и PyCryptodomeX, связанная с раскрытием информации через несоответствие, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
Severity: MEDIUM (5.9)Vector: AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM (5.4)Vector: AV:N/AC:H/Au:N/C:C/I:N/A:N
References:
Published: 2024-01-05
Modified: 2025-06-03
Modified: 2025-06-03
CVE-2023-52323
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
Severity: MEDIUM (5.9)Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References:
Published: 2024-01-05
Modified: 2024-10-21
Modified: 2024-10-21
GHSA-j225-cvw7-qrx7
PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption
Severity: HIGH (7.1)Vector: CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Severity: HIGH (7.1)Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References:
- https://nvd.nist.gov/vuln/detail/CVE-2023-52323
- https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd
- https://github.com/Legrandin/pycryptodome
- https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst
- https://github.com/pypa/advisory-database/tree/main/vulns/pycryptodomex/PYSEC-2024-3.yaml
- https://pypi.org/project/pycryptodomex/#history