VulnerableCode Package Details - pkg:deb/debian/python-cryptography@42.0.5-1?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-g772-pn9e-7ufv	cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.	CVE-2024-26130 GHSA-6vqw-3v5j-54x4 PYSEC-2024-225
VCID-x7vf-dyab-qbhq	Python Cryptography package vulnerable to Bleichenbacher timing oracle attack A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.	CVE-2023-50782 GHSA-3ww4-gg4f-jr7f

Vulnerability

Summary

Aliases

VCID-g772-pn9e-7ufv

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.

CVE-2024-26130
GHSA-6vqw-3v5j-54x4
PYSEC-2024-225

VCID-x7vf-dyab-qbhq

Python Cryptography package vulnerable to Bleichenbacher timing oracle attack A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

CVE-2023-50782
GHSA-3ww4-gg4f-jr7f

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T09:29:58.746682+00:00	Debian Importer	Fixing	VCID-g772-pn9e-7ufv	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-12T18:15:29.080511+00:00	Debian Importer	Fixing	VCID-x7vf-dyab-qbhq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:20:08.192310+00:00	Debian Importer	Fixing	VCID-g772-pn9e-7ufv	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:50:38.853355+00:00	Debian Importer	Fixing	VCID-g772-pn9e-7ufv	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:50:38.776607+00:00	Debian Importer	Fixing	VCID-x7vf-dyab-qbhq	https://security-tracker.debian.org/tracker/data/json	38.1.0