|Number of vulnerabilities||1|
|CVE ID|| CVE-2018-6594
|CWE ID|| CWE-200
|Public exploit||Public exploit code for vulnerability #1 is available.|
Operating systems & Components / Operating system
This security advisory describes one low risk vulnerability.
CWE-200 - Information Exposure
Exploit availability: Yes [Search exploit]Description
The vulnerability allows a remote unauthenticated attacker to obtain potentially sensitive information on the target system.
The weakness exists in the ElGamal implementation in PyCrypto due to generation of weak ElGamal key parameters by the source code in the lib/Crypto/PublicKey/ElGamal.py file. A remote attacker can gain access to potentially sensitive information.
Update the affected packages.
dev-python/pycrypto to version:
Gentoo Linux: -CPE
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.