{"id":"PYSEC-2013-29","details":"The Crypto.Random.atfork function in PyCrypto before 2.6.1 does not properly reseed the pseudo-random number generator (PRNG) before allowing a child process to access it, which makes it easier for context-dependent attackers to obtain sensitive information by leveraging a race condition in which a child process is created and accesses the PRNG within the same rate-limit period as another process.","aliases":["CVE-2013-1445","GHSA-x377-f64p-hf5j"],"modified":"2024-04-22T23:11:46.818337Z","published":"2013-10-26T17:55:00Z","references":[{"type":"FIX","url":"https://github.com/dlitz/pycrypto/commit/19dcf7b15d61b7dc1a125a367151de40df6ef175"},{"type":"ADVISORY","url":"http://www.debian.org/security/2013/dsa-2781"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2013/10/17/3"}],"affected":[{"package":{"name":"pycrypto","ecosystem":"PyPI","purl":"pkg:pypi/pycrypto"},"ranges":[{"type":"GIT","repo":"https://github.com/dlitz/pycrypto","events":[{"introduced":"0"},{"fixed":"19dcf7b15d61b7dc1a125a367151de40df6ef175"}]},{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.6.1"}]}],"versions":["1.9a2","1.9a5","1.9a6","2.0","2.0.1","2.1.0","2.2","2.3","2.4","2.4.1","2.5","2.6"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pycrypto/PYSEC-2013-29.yaml"}}],"schema_version":"1.7.3"}