Launchpad CVE tracker

CVE 2013-7459

Heap-based buffer overflow in the ALGnew function in block_templace.c in Python Cryptography Toolkit (aka pycrypto) allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py.

Related bugs and status

CVE-2013-7459 (Candidate) is related to these bugs:

Bug #1665565: python-paramiko 1.16.0-1 incompatible with python-crypto 2.6.1-6ubuntu0.16.04.1

		In	Importance	Status
1665565	python-paramiko 1.16.0-1 incompatible with python-crypto 2.6.1-6ubuntu0.16.04.1	paramiko (Ubuntu)	Critical	Invalid
1665565	python-paramiko 1.16.0-1 incompatible with python-crypto 2.6.1-6ubuntu0.16.04.1	OpenStack Charm Test Infra	Critical	Fix Released
1665565	python-paramiko 1.16.0-1 incompatible with python-crypto 2.6.1-6ubuntu0.16.04.1	MySQL Workbench	Undecided	Invalid

Bug #1665598: python-crypto throws exception ValueError: CTR mode needs counter parameter, not IV

Summary				In	Importance	Status
	1665598	python-crypto throws exception ValueError: CTR mode needs counter parameter, not IV		python-crypto (Ubuntu)	Critical	Fix Released
	1665598	python-crypto throws exception ValueError: CTR mode needs counter parameter, not IV		OpenStack Charm Test Infra	Critical	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2013-7459

References