Package details: pkg:deb/debian/python-cryptography@3.3.2-1
purl pkg:deb/debian/python-cryptography@3.3.2-1
Next non-vulnerable version 43.0.0-3
Latest non-vulnerable version 43.0.0-3
Risk 4.0
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-ddhe-4ck9-aaam
Aliases:
CVE-2023-50782
GHSA-3ww4-gg4f-jr7f
python-cryptography: Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659
43.0.0-1
Affected by 0 other vulnerabilities.
43.0.0-2
Affected by 0 other vulnerabilities.
43.0.0-3
Affected by 0 other vulnerabilities.
VCID-uvg4-qjhy-aaaq
Aliases:
CVE-2023-49083
GHSA-jfhm-5ghh-2f97
PYSEC-2023-254
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
38.0.4-3+deb12u1
Affected by 1 other vulnerability.
43.0.0-1
Affected by 0 other vulnerabilities.
VCID-vqz2-zd9g-aaab
Aliases:
CVE-2023-23931
GHSA-w7pp-m8wf-vj6r
PYSEC-0000-CVE-2023-23931
PYSEC-2023-11
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
38.0.4-3
Affected by 2 other vulnerabilities.
38.0.4-3+deb12u1
Affected by 1 other vulnerability.
VCID-wmwm-snjw-aaam
Aliases:
CGA-f4qg-9fw4-8247
CVE-2024-26130
GHSA-6vqw-3v5j-54x4
PYSEC-2024-225
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`), then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
38.0.4-3+deb12u1
Affected by 1 other vulnerability.
43.0.0-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (3)
Vulnerability Summary Aliases
VCID-1vvs-dn11-aaak python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. CVE-2020-25659
GHSA-hggm-jpg3-v476
PYSEC-2021-62
VCID-j6cb-jtt4-aaas In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. CVE-2020-36242
GHSA-rhm9-p9w5-fwm7
PYSEC-2021-63
VCID-vqz2-zd9g-aaab cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8. CVE-2023-23931
GHSA-w7pp-m8wf-vj6r
PYSEC-0000-CVE-2023-23931
PYSEC-2023-11

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-21T23:59:04.290663+00:00 Debian Importer Affected by VCID-uvg4-qjhy-aaaq https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-21T18:01:53.418497+00:00 Debian Oval Importer Fixing VCID-vqz2-zd9g-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T17:53:04.126831+00:00 Debian Importer Affected by VCID-wmwm-snjw-aaam https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-21T15:24:07.090575+00:00 Debian Importer Fixing VCID-1vvs-dn11-aaak https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-21T07:38:16.665173+00:00 Debian Oval Importer Fixing VCID-vqz2-zd9g-aaab None 36.1.3
2025-06-21T04:59:37.220054+00:00 Debian Oval Importer Fixing VCID-j6cb-jtt4-aaas None 36.1.3
2025-06-21T04:25:49.246578+00:00 Debian Importer Affected by VCID-ddhe-4ck9-aaam https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-21T04:07:56.316984+00:00 Debian Oval Importer Fixing VCID-1vvs-dn11-aaak None 36.1.3
2025-06-20T23:55:30.385528+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-20T23:33:59.000262+00:00 Debian Importer Affected by VCID-vqz2-zd9g-aaab None 36.1.3
2025-06-20T22:52:41.103008+00:00 Debian Importer Fixing VCID-1vvs-dn11-aaak None 36.1.3
2025-06-20T22:45:58.910096+00:00 Debian Importer Affected by VCID-vqz2-zd9g-aaab https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-20T20:13:42.080879+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas None 36.1.3
2025-06-08T12:54:09.087399+00:00 Debian Oval Importer Fixing VCID-j6cb-jtt4-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:33:36.541115+00:00 Debian Oval Importer Fixing VCID-vqz2-zd9g-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T01:18:12.453749+00:00 Debian Oval Importer Fixing VCID-vqz2-zd9g-aaab None 36.1.0
2025-06-07T22:37:02.881535+00:00 Debian Oval Importer Fixing VCID-j6cb-jtt4-aaas None 36.1.0
2025-06-07T21:43:34.447360+00:00 Debian Oval Importer Fixing VCID-1vvs-dn11-aaak None 36.1.0
2025-06-05T14:10:31.823144+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas None 36.1.0
2025-04-13T02:12:07.704294+00:00 Debian Oval Importer Affected by VCID-uvg4-qjhy-aaaq https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-13T02:12:04.938131+00:00 Debian Oval Importer Affected by VCID-vqz2-zd9g-aaab https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:52:54.895152+00:00 Debian Oval Importer Fixing VCID-1vvs-dn11-aaak https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:41:19.014256+00:00 Debian Oval Importer Fixing VCID-j6cb-jtt4-aaas https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:14:57.287643+00:00 Debian Oval Importer Fixing VCID-vqz2-zd9g-aaab https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-07T23:50:49.164523+00:00 Debian Oval Importer Fixing VCID-vqz2-zd9g-aaab None 36.0.0
2025-04-07T21:08:42.206066+00:00 Debian Oval Importer Fixing VCID-j6cb-jtt4-aaas None 36.0.0
2025-04-07T20:13:18.009551+00:00 Debian Oval Importer Fixing VCID-1vvs-dn11-aaak None 36.0.0
2025-04-05T19:18:58.712720+00:00 Debian Importer Affected by VCID-uvg4-qjhy-aaaq https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-05T14:02:37.586536+00:00 Debian Importer Affected by VCID-wmwm-snjw-aaam https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-05T11:55:34.810956+00:00 Debian Importer Fixing VCID-1vvs-dn11-aaak https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-04T07:15:01.877397+00:00 Debian Importer Affected by VCID-ddhe-4ck9-aaam https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-04T02:37:01.081284+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-04T02:14:46.525697+00:00 Debian Importer Affected by VCID-vqz2-zd9g-aaab None 36.0.0
2025-04-04T01:31:42.176049+00:00 Debian Importer Fixing VCID-1vvs-dn11-aaak None 36.0.0
2025-04-04T01:25:06.141237+00:00 Debian Importer Affected by VCID-vqz2-zd9g-aaab https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-03T23:09:34.415089+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas None 36.0.0
2025-02-21T18:55:59.657885+00:00 Debian Importer Affected by VCID-wmwm-snjw-aaam https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-21T15:00:39.710721+00:00 Debian Importer Affected by VCID-ddhe-4ck9-aaam https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-21T14:52:37.478007+00:00 Debian Importer Affected by VCID-uvg4-qjhy-aaaq https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-21T09:34:09.792095+00:00 Debian Importer Affected by VCID-vqz2-zd9g-aaab None 35.1.0
2025-02-21T09:34:07.025034+00:00 Debian Importer Affected by VCID-vqz2-zd9g-aaab https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-19T16:43:35.293757+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-19T16:43:32.549171+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas None 35.1.0
2025-02-19T15:04:21.447961+00:00 Debian Importer Fixing VCID-1vvs-dn11-aaak https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-19T15:04:20.779049+00:00 Debian Importer Fixing VCID-1vvs-dn11-aaak None 35.1.0
2024-11-24T07:13:49.771822+00:00 Debian Importer Affected by VCID-wmwm-snjw-aaam https://security-tracker.debian.org/tracker/data/json 35.0.0
2024-11-24T03:58:07.568576+00:00 Debian Importer Affected by VCID-ddhe-4ck9-aaam https://security-tracker.debian.org/tracker/data/json 35.0.0
2024-11-23T23:10:59.985328+00:00 Debian Importer Affected by VCID-vqz2-zd9g-aaab https://security-tracker.debian.org/tracker/data/json 35.0.0
2024-11-22T13:37:24.734857+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas https://security-tracker.debian.org/tracker/data/json 35.0.0
2024-11-22T13:37:22.006572+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas None 35.0.0
2024-10-11T03:53:40.073067+00:00 Debian Importer Affected by VCID-wmwm-snjw-aaam https://security-tracker.debian.org/tracker/data/json 34.0.2
2024-10-10T20:51:07.551199+00:00 Debian Importer Affected by VCID-vqz2-zd9g-aaab https://security-tracker.debian.org/tracker/data/json 34.0.2
2024-10-09T13:00:54.838206+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas https://security-tracker.debian.org/tracker/data/json 34.0.2
2024-10-09T13:00:52.042077+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas None 34.0.2
2024-09-25T18:05:25.892442+00:00 Debian Importer Affected by VCID-wmwm-snjw-aaam https://security-tracker.debian.org/tracker/data/json 34.0.1
2024-09-20T01:56:50.888526+00:00 Debian Importer Affected by VCID-vqz2-zd9g-aaab https://security-tracker.debian.org/tracker/data/json 34.0.1
2024-09-18T22:21:40.762965+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas https://security-tracker.debian.org/tracker/data/json 34.0.1
2024-09-18T22:21:38.015153+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas None 34.0.1
2024-05-20T15:03:39.429835+00:00 Debian Importer Affected by VCID-uvg4-qjhy-aaaq https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-04-26T01:42:45.998579+00:00 Debian Importer Affected by VCID-vqz2-zd9g-aaab None 34.0.0rc4
2024-04-26T01:42:42.118033+00:00 Debian Importer Affected by VCID-vqz2-zd9g-aaab https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-04-24T19:54:49.625357+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-04-24T19:54:44.178860+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas None 34.0.0rc4
2024-04-24T19:01:57.548950+00:00 Debian Importer Fixing VCID-1vvs-dn11-aaak https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-04-24T19:01:56.772081+00:00 Debian Importer Fixing VCID-1vvs-dn11-aaak None 34.0.0rc4
2024-01-12T11:53:55.126850+00:00 Debian Importer Affected by VCID-vqz2-zd9g-aaab None 34.0.0rc2
2024-01-12T11:53:54.299405+00:00 Debian Importer Affected by VCID-vqz2-zd9g-aaab https://security-tracker.debian.org/tracker/data/json 34.0.0rc2
2024-01-10T21:20:15.088331+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas https://security-tracker.debian.org/tracker/data/json 34.0.0rc2
2024-01-10T21:20:09.377908+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas None 34.0.0rc2
2024-01-10T20:31:12.258880+00:00 Debian Importer Fixing VCID-1vvs-dn11-aaak https://security-tracker.debian.org/tracker/data/json 34.0.0rc2
2024-01-10T20:31:11.369241+00:00 Debian Importer Fixing VCID-1vvs-dn11-aaak None 34.0.0rc2
2024-01-05T07:57:48.468517+00:00 Debian Importer Affected by VCID-vqz2-zd9g-aaab https://security-tracker.debian.org/tracker/data/json 34.0.0rc1
2024-01-05T07:57:43.698673+00:00 Debian Importer Affected by VCID-vqz2-zd9g-aaab None 34.0.0rc1
2024-01-04T10:36:51.061491+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas https://security-tracker.debian.org/tracker/data/json 34.0.0rc1
2024-01-04T10:36:44.878809+00:00 Debian Importer Fixing VCID-j6cb-jtt4-aaas None 34.0.0rc1
2024-01-04T09:51:55.394613+00:00 Debian Importer Fixing VCID-1vvs-dn11-aaak https://security-tracker.debian.org/tracker/data/json 34.0.0rc1
2024-01-04T09:51:54.587200+00:00 Debian Importer Fixing VCID-1vvs-dn11-aaak None 34.0.0rc1