Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
PyCrypto‘Crypto.Random’竞争条件信息泄露漏洞
Vulnerability Description
PyCrypto是一个使用Python编写的加密工具包,它包含了MD5、AES、DES3等加密算法。 PyCrypto 2.6.1之前的版本中的Crypto.Random.atfork函数中存在安全漏洞,该漏洞源于程序允许子程序访问伪随机数生成器之前,没有正确补种伪随机数生成器(PRNG),多个进程使用相同的随机数产生竞争条件。远程攻击者可借助竞争条件利用该漏洞获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A