MitreCVE-2009-0544

HistoryFeb 12, 2009 - 5:30 p.m.

CVE-2009-0544

2009-02-1217:30:00

CWE-119

mitre

web.nvd.nist.gov

cve-2009-0544

pycrypto

arc2

buffer overflow

remote attackers

denial of service

arbitrary code

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.321

Percentile

97.0%

JSON

Buffer overflow in the PyCrypto ARC2 module 2.0.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a large ARC2 key length.

Affected configurations

Nvd

Node

pycryptoarc2Match2.0.1

VendorProductVersionCPE
pycryptoarc22.0.1cpe:2.3:a:pycrypto:arc2:2.0.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
pycrypto	arc2	2.0.1	cpe:2.3:a:pycrypto:arc2:2.0.1:::::::*

References

gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git%3Ba=commitdiff%3Bh=d1c4875e1f220652fe7ff8358f56dee3b2aba31b

gitweb2.dlitz.net/?p=crypto/pycrypto-2.x.git%3Ba=commitdiff%3Bh=fd73731dfad451a81056fbb01e09aa78ab82eb5d

lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html

secunia.com/advisories/34199

secunia.com/advisories/35065

www.gentoo.org/security/en/glsa/glsa-200903-11.xml

www.mandriva.com/security/advisories?name=MDVSA-2009:049

www.mandriva.com/security/advisories?name=MDVSA-2009:050

www.openwall.com/lists/oss-security/2009/02/07/1

www.openwall.com/lists/oss-security/2009/02/12/5

www.securityfocus.com/bid/33674

exchange.xforce.ibmcloud.com/vulnerabilities/48617

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.7

Confidence

Low

EPSS

0.321

Percentile

97.0%

JSON

Related for CVE-2009-0544