VulnerableCode Package Details - pkg:rpm/redhat/python-cryptography@3.2.1-4?arch=el8

Staging Environment: Content and features may be unstable or change without notice.

Search for packages

Package details: pkg:rpm/redhat/python-cryptography@3.2.1-4?arch=el8

purl	pkg:rpm/redhat/python-cryptography@3.2.1-4?arch=el8

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.1

Vulnerabilities affecting this package (2)

Vulnerability	Summary	Fixed by
VCID-bjpd-6kh8-1bbs Aliases: CVE-2020-36242 GHSA-rhm9-p9w5-fwm7 PYSEC-2021-63	In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.	There are no reported fixed by versions.
VCID-vmx8-tjg2-uuec Aliases: CVE-2020-25659 GHSA-hggm-jpg3-v476 PYSEC-2021-62	python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.	There are no reported fixed by versions.

Vulnerabilities fixed by this package (0)

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T14:04:06.603345+00:00	RedHat Importer	Affected by	VCID-vmx8-tjg2-uuec	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25659.json	38.0.0
2026-04-01T14:03:44.878220+00:00	RedHat Importer	Affected by	VCID-bjpd-6kh8-1bbs	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36242.json	38.0.0