Search for packages
| purl | pkg:deb/debian/python-cryptography@0.8.2-2~bpo8%2B1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1vvs-dn11-aaak
Aliases: CVE-2020-25659 GHSA-hggm-jpg3-v476 PYSEC-2021-62 |
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-69da-bw9p-aaae
Aliases: CVE-2018-10903 GHSA-fcf9-3qw3-gxmj PYSEC-2018-52 |
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
Affected by 5 other vulnerabilities. |
|
VCID-ec7h-g27n-aaad
Aliases: CVE-2016-9243 GHSA-q3cj-2r34-2cwc PYSEC-2017-8 |
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. |
Affected by 5 other vulnerabilities. |
|
VCID-j6cb-jtt4-aaas
Aliases: CVE-2020-36242 GHSA-rhm9-p9w5-fwm7 PYSEC-2021-63 |
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
Affected by 4 other vulnerabilities. |
|
VCID-uvg4-qjhy-aaaq
Aliases: CVE-2023-49083 GHSA-jfhm-5ghh-2f97 PYSEC-2023-254 |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-vqz2-zd9g-aaab
Aliases: CVE-2023-23931 GHSA-w7pp-m8wf-vj6r PYSEC-0000-CVE-2023-23931 PYSEC-2023-11 |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8. |
Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T18:01:53.409566+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T16:04:13.550998+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T13:39:25.020796+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T07:38:16.656805+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | None | 36.1.3 |
| 2025-06-21T04:59:37.211436+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.1.3 |
| 2025-06-21T04:07:56.308740+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.1.3 |
| 2025-06-21T01:22:54.028213+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | None | 36.1.3 |
| 2025-06-21T00:05:43.210073+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | None | 36.1.3 |
| 2025-06-08T12:54:37.029183+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T12:54:09.080279+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:33:36.525490+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:57:11.513539+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T06:33:42.273763+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T01:18:12.443852+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | None | 36.1.0 |
| 2025-06-07T22:37:02.873720+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.1.0 |
| 2025-06-07T21:43:34.438307+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.1.0 |
| 2025-06-07T18:45:42.940474+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | None | 36.1.0 |
| 2025-06-07T17:28:29.607215+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | None | 36.1.0 |
| 2025-04-13T02:12:07.682233+00:00 | Debian Oval Importer | Affected by | VCID-uvg4-qjhy-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T02:12:04.918361+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:02:33.163896+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:52:54.875073+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:41:48.092708+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:41:18.994326+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:14:57.268109+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:28:47.204015+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T05:05:57.205011+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T23:50:49.141407+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | None | 36.0.0 |
| 2025-04-07T21:08:42.185235+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.0.0 |
| 2025-04-07T20:13:17.989256+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.0.0 |
| 2025-04-07T17:23:33.059666+00:00 | Debian Oval Importer | Affected by | VCID-ec7h-g27n-aaad | None | 36.0.0 |
| 2025-04-07T16:02:57.070991+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | None | 36.0.0 |