CVE-2013-1445
Public on 2013-10-26
Modified on 2014-09-16
Description
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | python-crypto | 2013-11-03 | ALAS-2013-243 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 2.6 | AV:N/AC:H/Au:N/C:P/I:N/A:N |
| NVD | CVSSv2 | 4.3 | AV:N/AC:M/Au:N/C:P/I:N/A:N |