pycrypto is vulnerable to remote code execution (RCE) via a heap buffer overflow. The overflow is on ALGobject.IV in block_template.c, where attackers can write as many bytes as they want onto part of the heap and exploit this to control the execution flow and execute shell commands.
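
The general pattern behind an overflow of a fixed-size IV buffer, beside a length-checked form, as an added example in C. It is a simplified model, not pycrypto's code: `model_cipher`, `set_iv_unchecked`, `set_iv_checked`, `demo` and the 16-byte `BLOCK_SIZE` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

#define BLOCK_SIZE 16 /* assumed cipher block size for this model */

/* Simplified stand-in for a heap-allocated cipher object (hypothetical layout). */
typedef struct {
    unsigned char IV[BLOCK_SIZE]; /* fixed-size buffer */
    int mode;                     /* state that sits after the IV */
} model_cipher;

/* Unsafe pattern: the copy length comes straight from the caller, so any
 * iv_len > BLOCK_SIZE writes past IV into adjacent heap memory. */
void set_iv_unchecked(model_cipher *c, const unsigned char *iv, size_t iv_len)
{
    memcpy(c->IV, iv, iv_len);
}

/* Hardened form: reject any length other than the buffer size before copying. */
int set_iv_checked(model_cipher *c, const unsigned char *iv, size_t iv_len)
{
    if (c == NULL || iv == NULL || iv_len != BLOCK_SIZE)
        return -1;
    memcpy(c->IV, iv, BLOCK_SIZE);
    return 0;
}

/* Exercises the checked setter with constructed inputs; returns 0 if the
 * oversized IV is refused, the object is untouched, and a valid IV is stored. */
int demo(void)
{
    unsigned char oversized[64], valid[BLOCK_SIZE];
    model_cipher *c = calloc(1, sizeof *c);
    int ok;
    if (c == NULL)
        return -1;
    memset(oversized, 0x41, sizeof oversized);
    memset(valid, 0x42, sizeof valid);
    c->mode = 1;

    ok = set_iv_checked(c, oversized, sizeof oversized) == -1
      && c->mode == 1 && c->IV[0] == 0
      && set_iv_checked(c, valid, sizeof valid) == 0
      && c->IV[BLOCK_SIZE - 1] == 0x42 && c->mode == 1;
    free(c);
    return ok ? 0 : 1;
}
int main(void) { return demo(); }
```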