Search for packages
| purl | pkg:deb/debian/python-cryptography@0.6.1-1%2Bdeb8u1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1vvs-dn11-aaak
Aliases: CVE-2020-25659 GHSA-hggm-jpg3-v476 PYSEC-2021-62 |
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-69da-bw9p-aaae
Aliases: CVE-2018-10903 GHSA-fcf9-3qw3-gxmj PYSEC-2018-52 |
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
Affected by 5 other vulnerabilities. |
|
VCID-ec7h-g27n-aaad
Aliases: CVE-2016-9243 GHSA-q3cj-2r34-2cwc PYSEC-2017-8 |
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. |
Affected by 5 other vulnerabilities. |
|
VCID-j6cb-jtt4-aaas
Aliases: CVE-2020-36242 GHSA-rhm9-p9w5-fwm7 PYSEC-2021-63 |
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
Affected by 4 other vulnerabilities. |
|
VCID-uvg4-qjhy-aaaq
Aliases: CVE-2023-49083 GHSA-jfhm-5ghh-2f97 PYSEC-2023-254 |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-vqz2-zd9g-aaab
Aliases: CVE-2023-23931 GHSA-w7pp-m8wf-vj6r PYSEC-0000-CVE-2023-23931 PYSEC-2023-11 |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8. |
Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T18:01:53.407427+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T16:04:13.548936+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:39:25.018843+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T07:38:16.654891+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | None | 36.1.3 |
| 2025-06-21T04:59:37.209314+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.1.3 |
| 2025-06-21T04:07:56.306443+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.1.3 |
| 2025-06-21T01:22:54.026196+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | None | 36.1.3 |
| 2025-06-21T00:05:43.207650+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | None | 36.1.3 |
| 2025-06-08T12:54:37.027640+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:54:09.077885+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:33:36.523691+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:57:11.511713+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:33:42.272196+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T01:18:12.441995+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | None | 36.1.0 |
| 2025-06-07T22:37:02.872089+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.1.0 |
| 2025-06-07T21:43:34.436473+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.1.0 |
| 2025-06-07T18:45:42.938947+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | None | 36.1.0 |
| 2025-06-07T17:28:29.605696+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | None | 36.1.0 |
| 2025-04-13T02:12:07.676381+00:00 | Debian Oval Importer | Affected by | VCID-uvg4-qjhy-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T02:12:04.913446+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:02:33.158711+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:52:54.870057+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:41:48.087810+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:41:18.989479+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:14:57.263215+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:28:47.199628+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:05:57.200017+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T23:50:49.135560+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | None | 36.0.0 |
| 2025-04-07T21:08:42.180160+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.0.0 |
| 2025-04-07T20:13:17.983958+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.0.0 |
| 2025-04-07T17:23:33.054258+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | None | 36.0.0 |
| 2025-04-07T16:02:57.064489+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | None | 36.0.0 |