Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/cryptography@3.3

Type pypi

Namespace

Name cryptography

Version 3.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 46.0.7

Latest_non_vulnerable_version 46.0.7

Affected_by_vulnerabilities

url VCID-2n3b-ghpm-s3fb

vulnerability_id VCID-2n3b-ghpm-s3fb

summary

cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
The `public_key_from_numbers` (or `EllipticCurvePublicNumbers.public_key()`), `EllipticCurvePublicNumbers.public_key()`, `load_der_public_key()` and `load_pem_public_key()` functions do not verify that the point belongs to the expected prime-order subgroup of the curve.

This missing validation allows an attacker to provide a public key point `P` from a small-order subgroup.  This can lead to security issues in various situations, such as the most commonly used signature verification (ECDSA) and shared key negotiation (ECDH). When the victim computes the shared secret as `S = [victim_private_key]P` via ECDH,  this leaks information about `victim_private_key mod (small_subgroup_order)`. For curves with cofactor > 1, this reveals the least significant bits of the private key.  When these weak public keys are used in ECDSA , it's easy to forge signatures on the small subgroup.

Only SECT curves are impacted by this.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26007.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-26007.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-26007

reference_id

reference_type

scores

value	9e-05
scoring_system	epss
scoring_elements	0.00963
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-26007

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:28:38Z/

url

https://github.com/pyca/cryptography/commit/0eebb9dbb6343d9bc1d91e5a2482ed4e054a6d8c

reference_url

https://github.com/pyca/cryptography/releases/tag/46.0.5

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/releases/tag/46.0.5

reference_url

http://www.openwall.com/lists/oss-security/2026/02/10/4

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2026/02/10/4

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127926
reference_id	1127926
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1127926

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2438762
reference_id	2438762
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2438762

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-26007

reference_id

CVE-2026-26007

reference_type

scores

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-26007

reference_url

https://github.com/advisories/GHSA-r6ph-v2qm-q3c2

reference_id

GHSA-r6ph-v2qm-q3c2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-r6ph-v2qm-q3c2

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2

reference_id

GHSA-r6ph-v2qm-q3c2

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

value	8.2
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-02-11T21:28:38Z/

url

https://github.com/pyca/cryptography/security/advisories/GHSA-r6ph-v2qm-q3c2

reference_url	https://access.redhat.com/errata/RHSA-2026:10184
reference_id	RHSA-2026:10184
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:10184

reference_url	https://access.redhat.com/errata/RHSA-2026:12176
reference_id	RHSA-2026:12176
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:12176

reference_url	https://access.redhat.com/errata/RHSA-2026:13512
reference_id	RHSA-2026:13512
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13512

reference_url	https://access.redhat.com/errata/RHSA-2026:13545
reference_id	RHSA-2026:13545
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13545

reference_url	https://access.redhat.com/errata/RHSA-2026:13553
reference_id	RHSA-2026:13553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13553

reference_url	https://access.redhat.com/errata/RHSA-2026:13672
reference_id	RHSA-2026:13672
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:13672

reference_url	https://access.redhat.com/errata/RHSA-2026:19355
reference_id	RHSA-2026:19355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19355

reference_url	https://access.redhat.com/errata/RHSA-2026:21431
reference_id	RHSA-2026:21431
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21431

reference_url	https://access.redhat.com/errata/RHSA-2026:21517
reference_id	RHSA-2026:21517
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:21517

reference_url	https://access.redhat.com/errata/RHSA-2026:2694
reference_id	RHSA-2026:2694
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:2694

reference_url	https://access.redhat.com/errata/RHSA-2026:5168
reference_id	RHSA-2026:5168
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5168

reference_url	https://access.redhat.com/errata/RHSA-2026:5665
reference_id	RHSA-2026:5665
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:5665

reference_url	https://access.redhat.com/errata/RHSA-2026:6308
reference_id	RHSA-2026:6308
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6308

reference_url	https://access.redhat.com/errata/RHSA-2026:6309
reference_id	RHSA-2026:6309
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6309

reference_url	https://access.redhat.com/errata/RHSA-2026:6404
reference_id	RHSA-2026:6404
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6404

reference_url	https://access.redhat.com/errata/RHSA-2026:6497
reference_id	RHSA-2026:6497
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6497

reference_url	https://access.redhat.com/errata/RHSA-2026:6567
reference_id	RHSA-2026:6567
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6567

reference_url	https://access.redhat.com/errata/RHSA-2026:6568
reference_id	RHSA-2026:6568
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:6568

reference_url	https://access.redhat.com/errata/RHSA-2026:7295
reference_id	RHSA-2026:7295
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7295

reference_url	https://usn.ubuntu.com/8087-1/
reference_id	USN-8087-1
reference_type
scores
url	https://usn.ubuntu.com/8087-1/

reference_url	https://usn.ubuntu.com/8087-3/
reference_id	USN-8087-3
reference_type
scores
url	https://usn.ubuntu.com/8087-3/

fixed_packages

url pkg:pypi/cryptography@46.0.5

purl pkg:pypi/cryptography@46.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vg4s-htkt-17bj

vulnerability	VCID-wu6a-6z5z-zuba

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.5

aliases CVE-2026-26007, GHSA-r6ph-v2qm-q3c2

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2n3b-ghpm-s3fb

url VCID-6yx5-ejqy-gbce

vulnerability_id VCID-6yx5-ejqy-gbce

summary

Vulnerable OpenSSL included in cryptography wheels
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 2.5-41.0.3 is vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230908.txt.

If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.

references

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/commit/fc11bce6930e591ce26a2317b31b9ce2b3e25512

reference_url

https://github.com/advisories/GHSA-v8gr-m533-ghj9

reference_id

GHSA-v8gr-m533-ghj9

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-v8gr-m533-ghj9

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-v8gr-m533-ghj9

reference_id

GHSA-v8gr-m533-ghj9

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/security/advisories/GHSA-v8gr-m533-ghj9

fixed_packages

url pkg:pypi/cryptography@41.0.4

purl pkg:pypi/cryptography@41.0.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-cyf1-6j45-x3b4

vulnerability	VCID-n45m-e281-97ar

vulnerability	VCID-rtu1-e9yg-97cx

vulnerability	VCID-wegt-2wzm-euhw

vulnerability	VCID-wu6a-6z5z-zuba

vulnerability	VCID-yyrx-r985-fycc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.4

aliases GHSA-v8gr-m533-ghj9, GMS-2023-2474

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-6yx5-ejqy-gbce

url VCID-bnkr-dheg-wyen

vulnerability_id VCID-bnkr-dheg-wyen

summary

pyca/cryptography's wheels include vulnerable OpenSSL
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.8-41.0.2 is vulnerable to several security issues. More details about the vulnerabilities themselves can be found in https://www.openssl.org/news/secadv/20230731.txt, https://www.openssl.org/news/secadv/20230719.txt, and https://www.openssl.org/news/secadv/20230714.txt.

If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.

references

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/commit/b22271cf3c3dd8dc8978f8f4b00b5c7060b6538d

reference_url

https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/commit/bfa4d95f0f356f2d535efd5c775e0fb3efe90ef2

reference_url

https://www.openssl.org/news/secadv/20230714.txt

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.openssl.org/news/secadv/20230714.txt

reference_url

https://www.openssl.org/news/secadv/20230719.txt

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.openssl.org/news/secadv/20230719.txt

reference_url

https://www.openssl.org/news/secadv/20230731.txt

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://www.openssl.org/news/secadv/20230731.txt

reference_url

https://github.com/advisories/GHSA-jm77-qphf-c4w8

reference_id

GHSA-jm77-qphf-c4w8

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jm77-qphf-c4w8

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8

reference_id

GHSA-jm77-qphf-c4w8

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/security/advisories/GHSA-jm77-qphf-c4w8

fixed_packages

url pkg:pypi/cryptography@41.0.3

purl pkg:pypi/cryptography@41.0.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-6yx5-ejqy-gbce

vulnerability	VCID-cyf1-6j45-x3b4

vulnerability	VCID-n45m-e281-97ar

vulnerability	VCID-rtu1-e9yg-97cx

vulnerability	VCID-wegt-2wzm-euhw

vulnerability	VCID-wu6a-6z5z-zuba

vulnerability	VCID-yyrx-r985-fycc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.3

aliases GHSA-jm77-qphf-c4w8, GMS-2023-1898

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bnkr-dheg-wyen

url VCID-cyf1-6j45-x3b4

vulnerability_id VCID-cyf1-6j45-x3b4

summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49083.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49083.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-49083

reference_id

reference_type

scores

value	0.01255
scoring_system	epss
scoring_elements	0.79681
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-49083

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:31:36Z/

url

https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a

reference_url

https://github.com/pyca/cryptography/pull/9926

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:31:36Z/

url

https://github.com/pyca/cryptography/pull/9926

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:31:36Z/

url

https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-12-18T15:31:36Z/

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/

reference_url

http://www.openwall.com/lists/oss-security/2023/11/29/2

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2023/11/29/2

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057108
reference_id	1057108
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1057108

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2255331
reference_id	2255331
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2255331

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-49083

reference_id

CVE-2023-49083

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-49083

reference_url

https://github.com/advisories/GHSA-jfhm-5ghh-2f97

reference_id

GHSA-jfhm-5ghh-2f97

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-jfhm-5ghh-2f97

reference_url	https://security.gentoo.org/glsa/202407-06
reference_id	GLSA-202407-06
reference_type
scores
url	https://security.gentoo.org/glsa/202407-06

reference_url	https://access.redhat.com/errata/RHSA-2024:10965
reference_id	RHSA-2024:10965
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10965

reference_url	https://access.redhat.com/errata/RHSA-2024:1640
reference_id	RHSA-2024:1640
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1640

reference_url	https://access.redhat.com/errata/RHSA-2024:1878
reference_id	RHSA-2024:1878
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:1878

reference_url	https://access.redhat.com/errata/RHSA-2024:2337
reference_id	RHSA-2024:2337
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2337

reference_url	https://access.redhat.com/errata/RHSA-2024:3105
reference_id	RHSA-2024:3105
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3105

reference_url	https://access.redhat.com/errata/RHSA-2024:3781
reference_id	RHSA-2024:3781
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:3781

reference_url	https://access.redhat.com/errata/RHSA-2025:13098
reference_id	RHSA-2025:13098
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13098

reference_url	https://access.redhat.com/errata/RHSA-2025:13100
reference_id	RHSA-2025:13100
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13100

reference_url	https://access.redhat.com/errata/RHSA-2025:13101
reference_id	RHSA-2025:13101
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13101

reference_url	https://access.redhat.com/errata/RHSA-2025:13102
reference_id	RHSA-2025:13102
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13102

reference_url	https://access.redhat.com/errata/RHSA-2025:13103
reference_id	RHSA-2025:13103
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13103

reference_url	https://access.redhat.com/errata/RHSA-2025:13104
reference_id	RHSA-2025:13104
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:13104

reference_url	https://access.redhat.com/errata/RHSA-2025:14553
reference_id	RHSA-2025:14553
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:14553

reference_url	https://access.redhat.com/errata/RHSA-2025:15874
reference_id	RHSA-2025:15874
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:15874

reference_url	https://usn.ubuntu.com/6539-1/
reference_id	USN-6539-1
reference_type
scores
url	https://usn.ubuntu.com/6539-1/

fixed_packages

url pkg:pypi/cryptography@41.0.6

purl pkg:pypi/cryptography@41.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-n45m-e281-97ar

vulnerability	VCID-rtu1-e9yg-97cx

vulnerability	VCID-wegt-2wzm-euhw

vulnerability	VCID-wu6a-6z5z-zuba

vulnerability	VCID-yyrx-r985-fycc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.6

aliases CVE-2023-49083, GHSA-jfhm-5ghh-2f97, PYSEC-2023-254

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cyf1-6j45-x3b4

url VCID-dt2j-6wka-pfbb

vulnerability_id VCID-dt2j-6wka-pfbb

summary

Vulnerable OpenSSL included in cryptography wheels
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 0.5-40.0.2 is vulnerable to a security issue. More details about the vulnerability itself can be found in https://www.openssl.org/news/secadv/20230530.txt.

If you are building cryptography source ("sdist") then you are responsible for upgrading your copy of OpenSSL. Only users installing from wheels built by the cryptography project (i.e., those distributed on PyPI) need to update their cryptography versions.

references

reference_url

https://cryptography.io/en/latest/changelog/#v41-0-0

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://cryptography.io/en/latest/changelog/#v41-0-0

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22

reference_id

reference_type

scores

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/commit/8708245ccdeaff21d65eea68a4f8d2a7c5949a22

reference_url

https://github.com/advisories/GHSA-5cpq-8wj7-hf2v

reference_id

GHSA-5cpq-8wj7-hf2v

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-5cpq-8wj7-hf2v

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-5cpq-8wj7-hf2v

reference_id

GHSA-5cpq-8wj7-hf2v

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/security/advisories/GHSA-5cpq-8wj7-hf2v

fixed_packages

url pkg:pypi/cryptography@41.0.0

purl pkg:pypi/cryptography@41.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-6yx5-ejqy-gbce

vulnerability	VCID-bnkr-dheg-wyen

vulnerability	VCID-cyf1-6j45-x3b4

vulnerability	VCID-dca7-jkuq-uka3

vulnerability	VCID-n45m-e281-97ar

vulnerability	VCID-rtu1-e9yg-97cx

vulnerability	VCID-wegt-2wzm-euhw

vulnerability	VCID-wu6a-6z5z-zuba

vulnerability	VCID-yyrx-r985-fycc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@41.0.0

aliases GHSA-5cpq-8wj7-hf2v, GMS-2023-1778

risk_score null

exploitability 0.5

weighted_severity 0.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dt2j-6wka-pfbb

url VCID-ecjs-cgct-4yh2

vulnerability_id VCID-ecjs-cgct-4yh2

summary incorrect calculation

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36242.json

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-36242.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-36242

reference_id

reference_type

scores

value	0.01575
scoring_system	epss
scoring_elements	0.81857
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-36242

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/advisories/GHSA-rhm9-p9w5-fwm7

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/advisories/GHSA-rhm9-p9w5-fwm7

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst

reference_url

https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae

reference_url

https://github.com/pyca/cryptography/compare/3.3.1...3.3.2

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/compare/3.3.1...3.3.2

reference_url

https://github.com/pyca/cryptography/issues/5615

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/issues/5615

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-rhm9-p9w5-fwm7

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/security/advisories/GHSA-rhm9-p9w5-fwm7

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-63.yaml

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-63.yaml

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E

reference_url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E

reference_url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E/
reference_id
reference_type
scores
url	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E/

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2020-36242

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2020-36242

reference_url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpuapr2022.html

reference_url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_id

reference_type

scores

value	9.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

value	8.8
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:H/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.oracle.com/security-alerts/cpujul2022.html

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=1926226
reference_id	1926226
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=1926226

reference_url	https://security.archlinux.org/ASA-202102-36
reference_id	ASA-202102-36
reference_type
scores
url	https://security.archlinux.org/ASA-202102-36

reference_url

https://security.archlinux.org/AVG-1541

reference_id

AVG-1541

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1541

reference_url	https://security.gentoo.org/glsa/202407-06
reference_id	GLSA-202407-06
reference_type
scores
url	https://security.gentoo.org/glsa/202407-06

reference_url	https://access.redhat.com/errata/RHSA-2021:1608
reference_id	RHSA-2021:1608
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:1608

reference_url	https://access.redhat.com/errata/RHSA-2021:2239
reference_id	RHSA-2021:2239
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2021:2239

fixed_packages

url pkg:pypi/cryptography@3.3.2

purl pkg:pypi/cryptography@3.3.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-6yx5-ejqy-gbce

vulnerability	VCID-bnkr-dheg-wyen

vulnerability	VCID-cyf1-6j45-x3b4

vulnerability	VCID-dt2j-6wka-pfbb

vulnerability	VCID-fep2-jgws-6qf6

vulnerability	VCID-n45m-e281-97ar

vulnerability	VCID-psgc-3nmf-xkfj

vulnerability	VCID-wu6a-6z5z-zuba

vulnerability	VCID-yyrx-r985-fycc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@3.3.2

aliases CVE-2020-36242, GHSA-rhm9-p9w5-fwm7, PYSEC-2021-63

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ecjs-cgct-4yh2

url VCID-fep2-jgws-6qf6

vulnerability_id VCID-fep2-jgws-6qf6

summary

Access of Resource Using Incompatible Type ('Type Confusion')
There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. When CRL checking is enabled (i.e. the application sets the X509_V_FLAG_CRL_CHECK flag), this vulnerability may allow an attacker to pass arbitrary pointers to a memcmp call, enabling them to read memory contents or enact a denial of service. In most cases, the attack requires the attacker to provide both the certificate chain and CRL, neither of which need to have a valid signature. If the attacker only controls one of these inputs, the other input must already contain an X.400 address as a CRL distribution point, which is uncommon. As such, this vulnerability is most likely to only affect applications which have implemented their own functionality for retrieving CRLs over a network.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-0286.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-0286

reference_id

reference_type

scores

value	0.88334
scoring_system	epss
scoring_elements	0.99513
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-0286

reference_url

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://ftp.openbsd.org/pub/OpenBSD/LibreSSL/libressl-3.6.2-relnotes.txt

reference_url

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://ftp.openbsd.org/pub/OpenBSD/patches/7.2/common/018_x509.patch.sig

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c6c9d439b484e1ba9830d8454a34fa4f80fdfe9

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2f7530077e0ef79d98718138716bc51ca0cad658

reference_url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=fd2af07dc083a350c959147097003a14a5e8ac4d

reference_url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2023-0003

reference_url

https://rustsec.org/advisories/RUSTSEC-2023-0006.html

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://rustsec.org/advisories/RUSTSEC-2023-0006.html

reference_url

https://security.gentoo.org/glsa/202402-08

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://security.gentoo.org/glsa/202402-08

reference_url

https://www.openssl.org/news/secadv/20230207.txt

reference_id

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-06T15:57:22Z/

url

https://www.openssl.org/news/secadv/20230207.txt

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2164440
reference_id	2164440
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2164440

reference_url

https://access.redhat.com/security/cve/cve-2023-0286

reference_id

CVE-2023-0286

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://access.redhat.com/security/cve/cve-2023-0286

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-0286

reference_id

CVE-2023-0286

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-0286

reference_url

https://github.com/advisories/GHSA-x4qr-2fvf-3mr5

reference_id

GHSA-x4qr-2fvf-3mr5

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-x4qr-2fvf-3mr5

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5

reference_id

GHSA-x4qr-2fvf-3mr5

reference_type

scores

value	7.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:H

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/security/advisories/GHSA-x4qr-2fvf-3mr5

reference_url	https://access.redhat.com/errata/RHSA-2023:0946
reference_id	RHSA-2023:0946
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:0946

reference_url	https://access.redhat.com/errata/RHSA-2023:1199
reference_id	RHSA-2023:1199
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1199

reference_url	https://access.redhat.com/errata/RHSA-2023:1335
reference_id	RHSA-2023:1335
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1335

reference_url	https://access.redhat.com/errata/RHSA-2023:1405
reference_id	RHSA-2023:1405
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1405

reference_url	https://access.redhat.com/errata/RHSA-2023:1437
reference_id	RHSA-2023:1437
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1437

reference_url	https://access.redhat.com/errata/RHSA-2023:1438
reference_id	RHSA-2023:1438
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1438

reference_url	https://access.redhat.com/errata/RHSA-2023:1439
reference_id	RHSA-2023:1439
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1439

reference_url	https://access.redhat.com/errata/RHSA-2023:1440
reference_id	RHSA-2023:1440
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1440

reference_url	https://access.redhat.com/errata/RHSA-2023:1441
reference_id	RHSA-2023:1441
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:1441

reference_url	https://access.redhat.com/errata/RHSA-2023:2022
reference_id	RHSA-2023:2022
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2022

reference_url	https://access.redhat.com/errata/RHSA-2023:2165
reference_id	RHSA-2023:2165
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2165

reference_url	https://access.redhat.com/errata/RHSA-2023:2932
reference_id	RHSA-2023:2932
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:2932

reference_url	https://access.redhat.com/errata/RHSA-2023:3354
reference_id	RHSA-2023:3354
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3354

reference_url	https://access.redhat.com/errata/RHSA-2023:3355
reference_id	RHSA-2023:3355
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3355

reference_url	https://access.redhat.com/errata/RHSA-2023:3420
reference_id	RHSA-2023:3420
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3420

reference_url	https://access.redhat.com/errata/RHSA-2023:3421
reference_id	RHSA-2023:3421
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:3421

reference_url	https://access.redhat.com/errata/RHSA-2023:4124
reference_id	RHSA-2023:4124
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4124

reference_url	https://access.redhat.com/errata/RHSA-2023:4128
reference_id	RHSA-2023:4128
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4128

reference_url	https://access.redhat.com/errata/RHSA-2023:4252
reference_id	RHSA-2023:4252
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4252

reference_url	https://access.redhat.com/errata/RHSA-2023:5209
reference_id	RHSA-2023:5209
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:5209

reference_url	https://access.redhat.com/errata/RHSA-2024:5136
reference_id	RHSA-2024:5136
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:5136

reference_url	https://access.redhat.com/errata/RHSA-2024:6095
reference_id	RHSA-2024:6095
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:6095

reference_url	https://access.redhat.com/errata/RHSA-2025:7733
reference_id	RHSA-2025:7733
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7733

reference_url	https://access.redhat.com/errata/RHSA-2025:7895
reference_id	RHSA-2025:7895
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7895

reference_url	https://access.redhat.com/errata/RHSA-2025:7937
reference_id	RHSA-2025:7937
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:7937

reference_url	https://usn.ubuntu.com/5844-1/
reference_id	USN-5844-1
reference_type
scores
url	https://usn.ubuntu.com/5844-1/

reference_url	https://usn.ubuntu.com/5845-1/
reference_id	USN-5845-1
reference_type
scores
url	https://usn.ubuntu.com/5845-1/

reference_url	https://usn.ubuntu.com/5845-2/
reference_id	USN-5845-2
reference_type
scores
url	https://usn.ubuntu.com/5845-2/

reference_url	https://usn.ubuntu.com/6564-1/
reference_id	USN-6564-1
reference_type
scores
url	https://usn.ubuntu.com/6564-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:pypi/cryptography@39.0.1

purl pkg:pypi/cryptography@39.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-6yx5-ejqy-gbce

vulnerability	VCID-bnkr-dheg-wyen

vulnerability	VCID-cyf1-6j45-x3b4

vulnerability	VCID-dt2j-6wka-pfbb

vulnerability	VCID-n45m-e281-97ar

vulnerability	VCID-rtu1-e9yg-97cx

vulnerability	VCID-wegt-2wzm-euhw

vulnerability	VCID-wu6a-6z5z-zuba

vulnerability	VCID-yyrx-r985-fycc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@39.0.1

aliases CVE-2023-0286, GHSA-x4qr-2fvf-3mr5

risk_score 10.0

exploitability 2.0

weighted_severity 6.7

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fep2-jgws-6qf6

url VCID-n45m-e281-97ar

vulnerability_id VCID-n45m-e281-97ar

summary

Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50782.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-50782.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-50782

reference_id

reference_type

scores

value	0.00879
scoring_system	epss
scoring_elements	0.75653
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-50782

reference_url

https://bugzilla.redhat.com/show_bug.cgi?id=2254432

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-15T16:14:33Z/

url

https://bugzilla.redhat.com/show_bug.cgi?id=2254432

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.9
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/issues/9785

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/issues/9785

reference_url

https://www.couchbase.com/alerts

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://www.couchbase.com/alerts

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059308
reference_id	1059308
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1059308

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2
reference_id	cpe:/a:redhat:ansible_automation_platform:2
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:ansible_automation_platform:2

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:4::el8
reference_id	cpe:/a:redhat:rhui:4::el8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:rhui:4::el8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6
reference_id	cpe:/a:redhat:satellite:6
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:satellite:6

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7
reference_id	cpe:/o:redhat:enterprise_linux:7
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8
reference_id	cpe:/o:redhat:enterprise_linux:8
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:8

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9
reference_id	cpe:/o:redhat:enterprise_linux:9
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:9

reference_url

https://access.redhat.com/security/cve/CVE-2023-50782

reference_id

CVE-2023-50782

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-02-15T16:14:33Z/

url

https://access.redhat.com/security/cve/CVE-2023-50782

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-50782

reference_id

CVE-2023-50782

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

value	8.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-50782

reference_url

https://github.com/advisories/GHSA-3ww4-gg4f-jr7f

reference_id

GHSA-3ww4-gg4f-jr7f

reference_type

scores

value	HIGH
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-3ww4-gg4f-jr7f

reference_url	https://usn.ubuntu.com/6673-1/
reference_id	USN-6673-1
reference_type
scores
url	https://usn.ubuntu.com/6673-1/

reference_url	https://usn.ubuntu.com/6673-2/
reference_id	USN-6673-2
reference_type
scores
url	https://usn.ubuntu.com/6673-2/

fixed_packages

url pkg:pypi/cryptography@42.0.0

purl pkg:pypi/cryptography@42.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-7j9u-q6e6-jkhd

vulnerability	VCID-rtu1-e9yg-97cx

vulnerability	VCID-wegt-2wzm-euhw

vulnerability	VCID-wu6a-6z5z-zuba

vulnerability	VCID-yyrx-r985-fycc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.0

aliases CVE-2023-50782, GHSA-3ww4-gg4f-jr7f

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n45m-e281-97ar

url VCID-psgc-3nmf-xkfj

vulnerability_id VCID-psgc-3nmf-xkfj

summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23931.json

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-23931.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-23931

reference_id

reference_type

scores

value	0.00688
scoring_system	epss
scoring_elements	0.72061
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-23931

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4e

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4e

reference_url

https://github.com/pyca/cryptography/pull/8230

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/pull/8230

reference_url

https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:11Z/

url

https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r

reference_id

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-10T21:01:11Z/

url

https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r

reference_url

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/10/msg00012.html

reference_url

https://security.netapp.com/advisory/ntap-20230324-0007

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20230324-0007

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031049
reference_id	1031049
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031049

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2171817
reference_id	2171817
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2171817

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2023-23931

reference_id

CVE-2023-23931

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

value	6.9
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2023-23931

reference_url

https://github.com/advisories/GHSA-w7pp-m8wf-vj6r

reference_id

GHSA-w7pp-m8wf-vj6r

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-w7pp-m8wf-vj6r

reference_url	https://security.gentoo.org/glsa/202407-06
reference_id	GLSA-202407-06
reference_type
scores
url	https://security.gentoo.org/glsa/202407-06

reference_url	https://access.redhat.com/errata/RHSA-2023:4693
reference_id	RHSA-2023:4693
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4693

reference_url	https://access.redhat.com/errata/RHSA-2023:4971
reference_id	RHSA-2023:4971
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:4971

reference_url	https://access.redhat.com/errata/RHSA-2023:6615
reference_id	RHSA-2023:6615
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6615

reference_url	https://access.redhat.com/errata/RHSA-2023:6793
reference_id	RHSA-2023:6793
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:6793

reference_url	https://access.redhat.com/errata/RHSA-2023:7096
reference_id	RHSA-2023:7096
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7096

reference_url	https://access.redhat.com/errata/RHSA-2023:7341
reference_id	RHSA-2023:7341
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2023:7341

reference_url	https://access.redhat.com/errata/RHSA-2024:2985
reference_id	RHSA-2024:2985
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2985

reference_url	https://usn.ubuntu.com/6539-1/
reference_id	USN-6539-1
reference_type
scores
url	https://usn.ubuntu.com/6539-1/

fixed_packages

url pkg:pypi/cryptography@39.0.1

purl pkg:pypi/cryptography@39.0.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-6yx5-ejqy-gbce

vulnerability	VCID-bnkr-dheg-wyen

vulnerability	VCID-cyf1-6j45-x3b4

vulnerability	VCID-dt2j-6wka-pfbb

vulnerability	VCID-n45m-e281-97ar

vulnerability	VCID-rtu1-e9yg-97cx

vulnerability	VCID-wegt-2wzm-euhw

vulnerability	VCID-wu6a-6z5z-zuba

vulnerability	VCID-yyrx-r985-fycc

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@39.0.1

aliases CVE-2023-23931, GHSA-w7pp-m8wf-vj6r, PYSEC-2023-11

risk_score 3.0

exploitability 0.5

weighted_severity 5.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-psgc-3nmf-xkfj

url VCID-wu6a-6z5z-zuba

vulnerability_id VCID-wu6a-6z5z-zuba

summary cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34073.json

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-34073.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2026-34073

reference_id

reference_type

scores

value	9e-05
scoring_system	epss
scoring_elements	0.01019
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2026-34073

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.7
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/pyca/cryptography

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography

reference_url

https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-31T13:50:17Z/

url

https://github.com/pyca/cryptography/security/advisories/GHSA-m959-cc7f-wv43

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2026-34073

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

value	1.7
scoring_system	cvssv4
scoring_elements	CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U

value	LOW
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2026-34073

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2453276
reference_id	2453276
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2453276

reference_url

https://github.com/advisories/GHSA-m959-cc7f-wv43

reference_id

GHSA-m959-cc7f-wv43

reference_type

scores

value	LOW
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-m959-cc7f-wv43

reference_url	https://access.redhat.com/errata/RHSA-2026:7295
reference_id	RHSA-2026:7295
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:7295

fixed_packages

url pkg:pypi/cryptography@46.0.6

purl pkg:pypi/cryptography@46.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vg4s-htkt-17bj

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@46.0.6

aliases CVE-2026-34073, GHSA-m959-cc7f-wv43, PYSEC-2026-35

risk_score 2.4

exploitability 0.5

weighted_severity 4.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wu6a-6z5z-zuba

url VCID-yyrx-r985-fycc

vulnerability_id VCID-yyrx-r985-fycc

summary

Null pointer dereference in PKCS12 parsing
Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL
to crash leading to a potential Denial of Service attack

Impact summary: Applications loading files in the PKCS12 format from untrusted
sources might terminate abruptly.

A file in PKCS12 format can contain certificates and keys and may come from an
untrusted source. The PKCS12 specification allows certain fields to be NULL, but
OpenSSL does not correctly check for this case. This can lead to a NULL pointer
dereference that results in OpenSSL crashing. If an application processes PKCS12
files from an untrusted source using the OpenSSL APIs then that application will
be vulnerable to this issue.

OpenSSL APIs that are vulnerable to this are: PKCS12_parse(),
PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes()
and PKCS12_newpass().

We have also fixed a similar issue in SMIME_write_PKCS7(). However since this
function is related to writing data we do not consider it security significant.

The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

references

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0727.json

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-0727.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-0727

reference_id

reference_type

scores

value	0.00238
scoring_system	epss
scoring_elements	0.47001
published_at	2026-05-30T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-0727

reference_url

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/html/ssa-265688.html

reference_url

https://cert-portal.siemens.com/productcert/html/ssa-277137.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/html/ssa-277137.html

reference_url

https://cert-portal.siemens.com/productcert/html/ssa-331112.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/html/ssa-331112.html

reference_url

https://cert-portal.siemens.com/productcert/html/ssa-769027.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/html/ssa-769027.html

reference_url

https://cert-portal.siemens.com/productcert/html/ssa-915275.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://cert-portal.siemens.com/productcert/html/ssa-915275.html

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	3.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/alexcrichton/openssl-src-rs/commit/add20f73b6b42be7451af2e1044d4e0e778992b2

reference_url

https://github.com/github/advisory-database/pull/3472

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/github/advisory-database/pull/3472

reference_url

https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/

url

https://github.com/openssl/openssl/commit/09df4395b5071217b76dc7d3d2e630eb8c5a79c2

reference_url

https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/

url

https://github.com/openssl/openssl/commit/775acfdbd0c6af9ac855f34969cdab0c0c90844a

reference_url

https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/

url

https://github.com/openssl/openssl/commit/d135eeab8a5dbf72b3da5240bab9ddb7678dbd2c

reference_url

https://github.com/openssl/openssl/pull/23362

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/openssl/openssl/pull/23362

reference_url

https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/pyca/cryptography/commit/3519591d255d4506fbcd0d04037d45271903c64d

reference_url

https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/

url

https://github.openssl.org/openssl/extended-releases/commit/03b3941d60c4bce58fab69a0c22377ab439bc0e8

reference_url

https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/

url

https://github.openssl.org/openssl/extended-releases/commit/aebaa5883e31122b404e450732dc833dc9dee539

reference_url

https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/10/msg00033.html

reference_url

https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://lists.debian.org/debian-lts-announce/2024/11/msg00000.html

reference_url

https://security.netapp.com/advisory/ntap-20240208-0006

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://security.netapp.com/advisory/ntap-20240208-0006

reference_url

https://www.openssl.org/news/secadv/20240125.txt

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-08T20:15:21Z/

url

https://www.openssl.org/news/secadv/20240125.txt

reference_url

http://www.openwall.com/lists/oss-security/2024/03/11/1

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

http://www.openwall.com/lists/oss-security/2024/03/11/1

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061582
reference_id	1061582
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1061582

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2259944
reference_id	2259944
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2259944

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2024-0727

reference_id

CVE-2024-0727

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2024-0727

reference_url

https://github.com/advisories/GHSA-9v9h-cgj8-h64p

reference_id

GHSA-9v9h-cgj8-h64p

reference_type

scores

value	MODERATE
scoring_system	cvssv3.1_qr
scoring_elements

url

https://github.com/advisories/GHSA-9v9h-cgj8-h64p

reference_url	https://access.redhat.com/errata/RHSA-2024:2447
reference_id	RHSA-2024:2447
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:2447

reference_url	https://access.redhat.com/errata/RHSA-2024:9088
reference_id	RHSA-2024:9088
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:9088

reference_url	https://usn.ubuntu.com/6622-1/
reference_id	USN-6622-1
reference_type
scores
url	https://usn.ubuntu.com/6622-1/

reference_url	https://usn.ubuntu.com/6632-1/
reference_id	USN-6632-1
reference_type
scores
url	https://usn.ubuntu.com/6632-1/

reference_url	https://usn.ubuntu.com/6709-1/
reference_id	USN-6709-1
reference_type
scores
url	https://usn.ubuntu.com/6709-1/

reference_url	https://usn.ubuntu.com/7018-1/
reference_id	USN-7018-1
reference_type
scores
url	https://usn.ubuntu.com/7018-1/

reference_url	https://usn.ubuntu.com/7894-1/
reference_id	USN-7894-1
reference_type
scores
url	https://usn.ubuntu.com/7894-1/

fixed_packages

url pkg:pypi/cryptography@42.0.2

purl pkg:pypi/cryptography@42.0.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2n3b-ghpm-s3fb

vulnerability	VCID-7j9u-q6e6-jkhd

vulnerability	VCID-rtu1-e9yg-97cx

vulnerability	VCID-wegt-2wzm-euhw

vulnerability	VCID-wu6a-6z5z-zuba

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@42.0.2

aliases CVE-2024-0727, GHSA-9v9h-cgj8-h64p

risk_score 3.1

exploitability 0.5

weighted_severity 6.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yyrx-r985-fycc

Fixing_vulnerabilities

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/cryptography@3.3

Package Instance