Search for packages
| purl | pkg:deb/debian/python-cryptography@0.6.1-1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1vvs-dn11-aaak
Aliases: CVE-2020-25659 GHSA-hggm-jpg3-v476 PYSEC-2021-62 |
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-69da-bw9p-aaae
Aliases: CVE-2018-10903 GHSA-fcf9-3qw3-gxmj PYSEC-2018-52 |
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
Affected by 5 other vulnerabilities. |
|
VCID-ec7h-g27n-aaad
Aliases: CVE-2016-9243 GHSA-q3cj-2r34-2cwc PYSEC-2017-8 |
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. |
Affected by 5 other vulnerabilities. |
|
VCID-j6cb-jtt4-aaas
Aliases: CVE-2020-36242 GHSA-rhm9-p9w5-fwm7 PYSEC-2021-63 |
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
Affected by 4 other vulnerabilities. |
|
VCID-uvg4-qjhy-aaaq
Aliases: CVE-2023-49083 GHSA-jfhm-5ghh-2f97 PYSEC-2023-254 |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-vqz2-zd9g-aaab
Aliases: CVE-2023-23931 GHSA-w7pp-m8wf-vj6r PYSEC-0000-CVE-2023-23931 PYSEC-2023-11 |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8. |
Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T18:01:53.405135+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T16:04:13.546512+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:39:25.016729+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T07:38:16.652799+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | None | 36.1.3 |
| 2025-06-21T04:59:37.206997+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.1.3 |
| 2025-06-21T04:07:56.304081+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.1.3 |
| 2025-06-21T01:22:54.024245+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | None | 36.1.3 |
| 2025-06-21T00:05:43.205615+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | None | 36.1.3 |
| 2025-06-08T12:54:37.025915+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:54:09.075204+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:33:36.521804+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:57:11.509837+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:33:42.270503+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T01:18:12.439993+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | None | 36.1.0 |
| 2025-06-07T22:37:02.870294+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.1.0 |
| 2025-06-07T21:43:34.434537+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.1.0 |
| 2025-06-07T18:45:42.937280+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | None | 36.1.0 |
| 2025-06-07T17:28:29.603996+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | None | 36.1.0 |
| 2025-04-13T02:12:07.670819+00:00 | Debian Oval Importer | Affected by | VCID-uvg4-qjhy-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T02:12:04.909048+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:02:33.153239+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:52:54.865088+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:41:48.082907+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:41:18.984459+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:14:57.258275+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:28:47.195122+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:05:57.195405+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T23:50:49.130345+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | None | 36.0.0 |
| 2025-04-07T21:08:42.175420+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.0.0 |
| 2025-04-07T20:13:17.978952+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.0.0 |
| 2025-04-07T17:23:33.048821+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | None | 36.0.0 |
| 2025-04-07T16:02:57.057699+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | None | 36.0.0 |