VulnerableCode Package Details - pkg:deb/debian/python-cryptography@43.0.0-3%2Bdeb13u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-rgsr-9wpx-qqg6 Aliases: CVE-2026-34073 GHSA-m959-cc7f-wv43	cryptography has incomplete DNS name constraint enforcement on peer names ## Summary In versions of cryptography prior to 46.0.5, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named `bar.example.com` to validate against a wildcard leaf certificate for `*.example.com`, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for `bar.example.com`. This behavior resulted from a gap between RFC 5280 (which defines Name Constraint semantics) and RFC 9525 (which defines service identity semantics): put together, neither states definitively whether Name Constraints should be applied to peer names. To close this gap, cryptography now conservatively rejects any validation where the peer name would be rejected by a name constraint if it were a SAN instead. In practice, exploitation of this bypass requires an uncommon X.509 topology, one that the Web PKI avoids because it exhibits these kinds of problems. Consequently, we consider this a medium-to-low impact severity. See CVE-2025-61727 for a similar bypass in Go's `crypto/x509`. ## Remediation Users should upgrade to 46.0.6 or newer. ## Attribution Reporter: @1seal	46.0.6-1 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}

Vulnerability

Summary

Fixed by

VCID-rgsr-9wpx-qqg6
Aliases:
CVE-2026-34073
GHSA-m959-cc7f-wv43

cryptography has incomplete DNS name constraint enforcement on peer names ## Summary In versions of cryptography prior to 46.0.5, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named `bar.example.com` to validate against a wildcard leaf certificate for `*.example.com`, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for `bar.example.com`. This behavior resulted from a gap between RFC 5280 (which defines Name Constraint semantics) and RFC 9525 (which defines service identity semantics): put together, neither states definitively whether Name Constraints should be applied to peer names. To close this gap, cryptography now conservatively rejects any validation where the peer name would be rejected by a name constraint if it were a SAN instead. In practice, exploitation of this bypass requires an uncommon X.509 topology, one that the Web PKI avoids because it exhibits these kinds of problems. Consequently, we consider this a medium-to-low impact severity. See CVE-2025-61727 for a similar bypass in Go's `crypto/x509`. ## Remediation Users should upgrade to 46.0.6 or newer. ## Attribution Reporter: @1seal

46.0.6-1
Affected by 1 other vulnerability.

Vulnerability	Summary	Aliases
VCID-f44c-ygbw-bufn	cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves ## Vulnerability Summary The `public_key_from_numbers` (or `EllipticCurvePublicNumbers.public_key()`), `EllipticCurvePublicNumbers.public_key()`, `load_der_public_key()` and `load_pem_public_key()` functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point `P` from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as `S = [victim_private_key]P` via ECDH, this leaks information about `victim_private_key mod (small_subgroup_order)`. For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. ## Credit This vulnerability was discovered by: - XlabAI Team of Tencent Xuanwu Lab - Atuin Automated Vulnerability Discovery Engine	CVE-2026-26007 GHSA-r6ph-v2qm-q3c2
VCID-x7vf-dyab-qbhq	Python Cryptography package vulnerable to Bleichenbacher timing oracle attack A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.	CVE-2023-50782 GHSA-3ww4-gg4f-jr7f

Vulnerability

Summary

Aliases

VCID-f44c-ygbw-bufn

cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves ## Vulnerability Summary The `public_key_from_numbers` (or `EllipticCurvePublicNumbers.public_key()`), `EllipticCurvePublicNumbers.public_key()`, `load_der_public_key()` and `load_pem_public_key()` functions do not verify that the point belongs to the expected prime-order subgroup of the curve. This missing validation allows an attacker to provide a public key point `P` from a small-order subgroup. This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as `S = [victim_private_key]P` via ECDH, this leaks information about `victim_private_key mod (small_subgroup_order)`. For curves with cofactor > 1, this reveals the least significant bits of the private key. When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup. Only SECT curves are impacted by this. ## Credit This vulnerability was discovered by: - XlabAI Team of Tencent Xuanwu Lab - Atuin Automated Vulnerability Discovery Engine

CVE-2026-26007
GHSA-r6ph-v2qm-q3c2

VCID-x7vf-dyab-qbhq

Python Cryptography package vulnerable to Bleichenbacher timing oracle attack A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

CVE-2023-50782
GHSA-3ww4-gg4f-jr7f

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:47:09.004426+00:00	Debian Importer	Fixing	VCID-x7vf-dyab-qbhq	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:30:45.729399+00:00	Debian Importer	Fixing	VCID-f44c-ygbw-bufn	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:09:17.083075+00:00	Debian Importer	Affected by	VCID-rgsr-9wpx-qqg6	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T08:02:16.044531+00:00	Debian Importer	Fixing	VCID-x7vf-dyab-qbhq	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:50:49.213187+00:00	Debian Importer	Fixing	VCID-f44c-ygbw-bufn	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T06:03:15.173639+00:00	Debian Importer	Affected by	VCID-rgsr-9wpx-qqg6	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-08T19:21:11.212300+00:00	Debian Importer	Fixing	VCID-x7vf-dyab-qbhq	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T19:13:17.271850+00:00	Debian Importer	Fixing	VCID-f44c-ygbw-bufn	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-08T18:40:32.315264+00:00	Debian Importer	Affected by	VCID-rgsr-9wpx-qqg6	https://security-tracker.debian.org/tracker/data/json	38.1.0