Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Integer overflow vulnerability in pycryptodome module #198

Closed
byck01 opened this issue Aug 17, 2018 · 1 comment
Closed

Integer overflow vulnerability in pycryptodome module #198

byck01 opened this issue Aug 17, 2018 · 1 comment

Comments

@byck01
Copy link

byck01 commented Aug 17, 2018

1.Install pycryptodome module in python

2.Run the following poc
python poc.py

from Crypto.Cipher import AES
data = 'hello'
key = b'this is a 16 key'
aes = AES.new(key,AES.MODE_ECB)
aes.encrypt(data.encode())

3.python will crash(Segmentation fault)

4.Specific vulnerability analysis reference:
https://whitehatck01.blogspot.com/2018/08/integer-overflow-vulnerability-in.html
@byck01 byck01 closed this as completed Aug 17, 2018
@byck01 byck01 reopened this Aug 17, 2018
Legrandin added a commit that referenced this issue Aug 17, 2018
@Legrandin
Fix issue #198: AESNI breaks with messages shorter than 16 bytes
7c57e7d
Legrandin added a commit that referenced this issue Aug 17, 2018
@Legrandin
Fix issue #198: AESNI breaks with messages shorter than 16 bytes
d1739c6
@Luro02 Luro02 mentioned this issue Aug 17, 2018
Closed
@Legrandin
Copy link
Owner

Thank you! This is fixed in v3.6.6.

@voith voith mentioned this issue Aug 28, 2018
Merged
@smcoll smcoll mentioned this issue Oct 15, 2018
Closed
teeparham pushed a commit to teeparham/ndkale that referenced this issue Apr 16, 2020
Use pycryptodome 3.6.6 on Travis
b05efe3 
We were pinned to 3.6.1 because of Legrandin/pycryptodome#198, which is fixed in 3.6.6
@teeparham teeparham mentioned this issue Apr 16, 2020
Merged
@dependabot dependabot bot mentioned this issue Mar 11, 2021
Open
This was referenced Aug 28, 2022
Open
Open
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Legrandin @byck01