Search for packages
| purl | pkg:deb/debian/python-cryptography@2.6.1-3%2Bdeb10u2 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-1vvs-dn11-aaak
Aliases: CVE-2020-25659 GHSA-hggm-jpg3-v476 PYSEC-2021-62 |
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. |
Affected by 4 other vulnerabilities. |
|
VCID-j6cb-jtt4-aaas
Aliases: CVE-2020-36242 GHSA-rhm9-p9w5-fwm7 PYSEC-2021-63 |
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. |
Affected by 4 other vulnerabilities. |
|
VCID-uvg4-qjhy-aaaq
Aliases: CVE-2023-49083 GHSA-jfhm-5ghh-2f97 PYSEC-2023-254 |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-vqz2-zd9g-aaab
Aliases: CVE-2023-23931 GHSA-w7pp-m8wf-vj6r PYSEC-0000-CVE-2023-23931 PYSEC-2023-11 |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8. |
Affected by 4 other vulnerabilities. Affected by 2 other vulnerabilities. Affected by 1 other vulnerability. |
|
VCID-wmwm-snjw-aaam
Aliases: CGA-f4qg-9fw4-8247 CVE-2024-26130 GHSA-6vqw-3v5j-54x4 PYSEC-2024-225 |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-69da-bw9p-aaae | A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
CVE-2018-10903
GHSA-fcf9-3qw3-gxmj PYSEC-2018-52 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-06-21T18:01:53.416277+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T17:53:04.122576+00:00 | Debian Importer | Affected by | VCID-wmwm-snjw-aaam | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T16:04:13.557367+00:00 | Debian Oval Importer | Fixing | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.3 |
| 2025-06-21T15:24:07.088101+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-21T07:38:16.662906+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | None | 36.1.3 |
| 2025-06-21T04:59:37.217815+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.1.3 |
| 2025-06-21T04:07:56.314892+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.1.3 |
| 2025-06-21T00:05:43.216436+00:00 | Debian Oval Importer | Fixing | VCID-69da-bw9p-aaae | None | 36.1.3 |
| 2025-06-20T23:55:30.382280+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | https://security-tracker.debian.org/tracker/data/json | 36.1.3 |
| 2025-06-20T22:52:41.100672+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.1.3 |
| 2025-06-20T20:13:42.078957+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.1.3 |
| 2025-06-08T12:54:09.085664+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.1.0 |
| 2025-06-08T10:33:36.530912+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T08:57:11.519525+00:00 | Debian Oval Importer | Fixing | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.1.0 |
| 2025-06-08T01:18:12.450962+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | None | 36.1.0 |
| 2025-06-07T22:37:02.879621+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.1.0 |
| 2025-06-07T21:43:34.445043+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.1.0 |
| 2025-06-07T17:28:29.612436+00:00 | Debian Oval Importer | Fixing | VCID-69da-bw9p-aaae | None | 36.1.0 |
| 2025-06-05T14:10:31.821107+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.1.0 |
| 2025-04-13T02:12:07.698905+00:00 | Debian Oval Importer | Affected by | VCID-uvg4-qjhy-aaaq | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-13T02:12:04.933174+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T21:02:33.179614+00:00 | Debian Oval Importer | Fixing | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T19:52:54.890030+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T18:41:19.009371+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 | 36.0.0 |
| 2025-04-12T16:14:57.282705+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-08T07:28:47.214986+00:00 | Debian Oval Importer | Fixing | VCID-69da-bw9p-aaae | https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 | 36.0.0 |
| 2025-04-07T23:50:49.158786+00:00 | Debian Oval Importer | Affected by | VCID-vqz2-zd9g-aaab | None | 36.0.0 |
| 2025-04-07T21:08:42.201092+00:00 | Debian Oval Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.0.0 |
| 2025-04-07T20:13:18.004643+00:00 | Debian Oval Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.0.0 |
| 2025-04-07T16:02:57.088623+00:00 | Debian Oval Importer | Fixing | VCID-69da-bw9p-aaae | None | 36.0.0 |
| 2025-04-05T14:02:37.582136+00:00 | Debian Importer | Affected by | VCID-wmwm-snjw-aaam | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-05T11:55:34.806314+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-04T02:37:01.076361+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | https://security-tracker.debian.org/tracker/data/json | 36.0.0 |
| 2025-04-04T01:31:42.171663+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | None | 36.0.0 |
| 2025-04-03T23:09:34.409470+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 36.0.0 |
| 2025-02-21T18:56:01.097142+00:00 | Debian Importer | Affected by | VCID-wmwm-snjw-aaam | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-19T16:43:35.288454+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-19T16:43:32.544689+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 35.1.0 |
| 2025-02-19T15:04:21.442644+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | https://security-tracker.debian.org/tracker/data/json | 35.1.0 |
| 2025-02-19T15:04:20.774029+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | None | 35.1.0 |
| 2024-11-22T13:37:24.729765+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | https://security-tracker.debian.org/tracker/data/json | 35.0.0 |
| 2024-11-22T13:37:22.000557+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 35.0.0 |
| 2024-10-09T13:00:54.832589+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | https://security-tracker.debian.org/tracker/data/json | 34.0.2 |
| 2024-10-09T13:00:52.034878+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 34.0.2 |
| 2024-09-18T22:21:40.758594+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | https://security-tracker.debian.org/tracker/data/json | 34.0.1 |
| 2024-09-18T22:21:38.009097+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 34.0.1 |
| 2024-04-24T19:54:49.620393+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T19:54:44.173035+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 34.0.0rc4 |
| 2024-04-24T19:01:57.544874+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-24T19:01:56.767034+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | None | 34.0.0rc4 |
| 2024-01-10T21:20:15.083067+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T21:20:09.373739+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 34.0.0rc2 |
| 2024-01-10T20:31:12.254090+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-10T20:31:11.363902+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | None | 34.0.0rc2 |
| 2024-01-04T10:36:51.057104+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T10:36:44.873993+00:00 | Debian Importer | Affected by | VCID-j6cb-jtt4-aaas | None | 34.0.0rc1 |
| 2024-01-04T09:51:55.389625+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-04T09:51:54.583049+00:00 | Debian Importer | Affected by | VCID-1vvs-dn11-aaak | None | 34.0.0rc1 |