VulnerableCode Package Details - pkg:deb/debian/python-cryptography@3.3.2-1%2Bdeb11u1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-48jq-1u5d-tkan	cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.	CVE-2023-49083 GHSA-jfhm-5ghh-2f97 PYSEC-2023-254
VCID-u4f5-k68d-wfd1	cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.	CVE-2023-23931 GHSA-w7pp-m8wf-vj6r PYSEC-2023-11

Vulnerability

Summary

Aliases

VCID-48jq-1u5d-tkan

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

CVE-2023-49083
GHSA-jfhm-5ghh-2f97
PYSEC-2023-254

VCID-u4f5-k68d-wfd1

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.

CVE-2023-23931
GHSA-w7pp-m8wf-vj6r
PYSEC-2023-11

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T10:05:01.475252+00:00	Debian Importer	Fixing	VCID-48jq-1u5d-tkan	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:43:01.489657+00:00	Debian Importer	Fixing	VCID-u4f5-k68d-wfd1	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T18:15:28.998663+00:00	Debian Importer	Fixing	VCID-48jq-1u5d-tkan	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-12T17:48:01.352340+00:00	Debian Importer	Fixing	VCID-u4f5-k68d-wfd1	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:38.702603+00:00	Debian Importer	Fixing	VCID-48jq-1u5d-tkan	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:38.596448+00:00	Debian Importer	Fixing	VCID-u4f5-k68d-wfd1	https://security-tracker.debian.org/tracker/data/json	38.1.0