Search for packages
| purl | pkg:deb/debian/python-cryptography@1.7.1-3%2Bdeb9u2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1vvs-dn11-aaak
Aliases: CVE-2020-25659 GHSA-hggm-jpg3-v476 PYSEC-2021-62 |
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
Affected by 0 other vulnerabilities. Affected by 4 other vulnerabilities. |
|
VCID-69da-bw9p-aaae
Aliases: CVE-2018-10903 GHSA-fcf9-3qw3-gxmj PYSEC-2018-52 |
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
Affected by 5 other vulnerabilities. |
|
VCID-j6cb-jtt4-aaas
Aliases: CVE-2020-36242 GHSA-rhm9-p9w5-fwm7 PYSEC-2021-63 |
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
Affected by 4 other vulnerabilities. |
|
VCID-uvg4-qjhy-aaaq
Aliases: CVE-2023-49083 GHSA-jfhm-5ghh-2f97 PYSEC-2023-254 |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-vqz2-zd9g-aaab
Aliases: CVE-2023-23931 GHSA-w7pp-m8wf-vj6r PYSEC-0000-CVE-2023-23931 PYSEC-2023-11 |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8. |
Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T18:01:53.414331+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T16:04:13.555314+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T07:38:16.660638+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | None | 36.1.3 |
| 2025-06-21T04:59:37.215655+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.1.3 |
| 2025-06-21T04:07:56.312868+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.1.3 |
| 2025-06-21T00:24:18.368559+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.1.3 |
| 2025-06-21T00:05:43.214682+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | None | 36.1.3 |
| 2025-06-08T12:54:09.083884+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:33:36.529092+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:57:11.517251+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T01:18:12.448319+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | None | 36.1.0 |
| 2025-06-07T22:37:02.877807+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.1.0 |
| 2025-06-07T21:43:34.442596+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.1.0 |
| 2025-06-07T17:28:29.610336+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | None | 36.1.0 |
| 2025-04-13T02:12:07.693031+00:00 | Debian Oval Importer | Affected by | VCID-uvg4-qjhy-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T02:12:04.928227+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:02:33.174376+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:52:54.885098+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:41:19.004243+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:14:57.277770+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:28:47.211504+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T23:50:49.153007+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | None | 36.0.0 |
| 2025-04-07T21:08:42.196158+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.0.0 |
| 2025-04-07T20:13:17.999656+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.0.0 |
| 2025-04-07T16:02:57.082999+00:00 | Debian Oval Importer | Affected by | VCID-69da-bw9p-aaae | None | 36.0.0 |
| 2025-04-04T03:06:51.120045+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.0.0 |
| 2025-02-19T15:04:23.436120+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | None | 35.1.0 |
| 2024-04-24T19:02:07.190652+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | None | 34.0.0rc4 |
| 2024-01-10T20:31:14.797965+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | None | 34.0.0rc2 |
| 2024-01-04T09:51:56.931586+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | None | 34.0.0rc1 |