[pycrypto] Buffer overflow in ARC2.new() with len(key) > 128 bytes
Dwayne C. Litzenberger
dlitz at dlitz.net
Sat Feb 28 12:06:26 CST 2009
On Fri, Feb 06, 2009 at 07:39:14PM -0500, Dwayne C. Litzenberger wrote:
>Mike Wiacek from the Google Security Team pointed out a buffer overflow in
>PyCrypto's ARC2 cipher module, which occurs when attempting to initialize
>ARC2 with a key longer than 128 bytes.
For future reference, this issue has been assigned CVE-2009-0544, and
Debian DSA 1726:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0544
http://www.debian.org/security/2009/dsa-1726
--
Dwayne C. Litzenberger <dlitz at dlitz.net>
Key-signing key - 19E1 1FE8 B3CF F273 ED17 4A24 928C EC13 39C2 5CF7
Annual key (2008) - 4B2A FD82 FC7D 9E38 38D9 179F 1C11 B877 E780 4B45