FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

pycrypto -- ARC2 module buffer overflow

Affected packages
py-pycrypto < 2.0.1_2


VuXML ID 5a021595-fba9-11dd-86f3-0030843d3802
Discovery 2009-02-06
Entry 2009-02-15

Dwayne C. Litzenberger reports:

pycrypto is exposed to a buffer overflow issue because it fails to adequately verify user-supplied input. This issue resides in the ARC2 module. This issue can be triggered with specially crafted ARC2 keys in excess of 128 bytes.