VulnerableCode Package Details - pkg:rpm/redhat/python-cryptography@42.0.5-1?arch=el9ap

Search for packages

Vulnerability	Summary	Fixed by
VCID-48jq-1u5d-tkan Aliases: CVE-2023-49083 GHSA-jfhm-5ghh-2f97 PYSEC-2023-254	cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.	There are no reported fixed by versions.
VCID-g772-pn9e-7ufv Aliases: CVE-2024-26130 GHSA-6vqw-3v5j-54x4 PYSEC-2024-225	cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.	There are no reported fixed by versions.

Vulnerability

Summary

Fixed by

VCID-48jq-1u5d-tkan
Aliases:
CVE-2023-49083
GHSA-jfhm-5ghh-2f97
PYSEC-2023-254

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

There are no reported fixed by versions.

VCID-g772-pn9e-7ufv
Aliases:
CVE-2024-26130
GHSA-6vqw-3v5j-54x4
PYSEC-2024-225

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.

There are no reported fixed by versions.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-01T13:51:04.009901+00:00	RedHat Importer	Affected by	VCID-48jq-1u5d-tkan	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49083.json	38.0.0
2026-04-01T13:49:40.878789+00:00	RedHat Importer	Affected by	VCID-g772-pn9e-7ufv	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26130.json	38.0.0

2026-04-01T13:51:04.009901+00:00

RedHat Importer

Affected by

VCID-48jq-1u5d-tkan

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49083.json

38.0.0

2026-04-01T13:49:40.878789+00:00

RedHat Importer

Affected by

VCID-g772-pn9e-7ufv

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26130.json

38.0.0

Next non-vulnerable version	None.
Latest non-vulnerable version	None.
Risk	4.0