Pycryptodome vulnerabilities

CVE-2023-52323 [MEDIUM] CWE-203 CVE-2023-52323: PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploit PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.

CVE-2018-15560 [HIGH] CWE-190 CVE-2018-15560: PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to th PyCryptodome before 3.6.6 has an integer overflow in the data_len variable in AESNI.c, related to the AESNI_encrypt and AESNI_decrypt functions, leading to the mishandling of messages shorter than 16 bytes.

CVE-2018-6594 [HIGH] CVE-2018-6594: lib/Crypto/PublicKey/ElGamal lib/Crypto/PublicKey/ElGamal.py in PyCrypto through 2.6.1 generates weak ElGamal key parameters, which allows attackers to obtain sensitive information by reading ciphertext data (i.e., it does not have semantic security in face of a ciphertext-only attack). The Decisional Diffie-Hellman (DDH) assumption does not hold for PyCrypto's ElGamal implementation.