VulnerableCode Package Details - pkg:deb/debian/python-cryptography@38.0.4-3%2Bdeb12u1

Search for packages

Vulnerability	Summary	Fixed by
VCID-asvq-g6rg-6fb6 Aliases: CVE-2023-50782 GHSA-3ww4-gg4f-jr7f	Python Cryptography package vulnerable to Bleichenbacher timing oracle attack A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.	43.0.0-3 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-asvq-g6rg-6fb6
Aliases:
CVE-2023-50782
GHSA-3ww4-gg4f-jr7f

Python Cryptography package vulnerable to Bleichenbacher timing oracle attack A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

43.0.0-3
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
VCID-92vn-rkhm-s3aw	cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.	CVE-2023-49083 GHSA-jfhm-5ghh-2f97 PYSEC-2023-254
VCID-n26h-8x4z-ufbf	cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.	CVE-2023-23931 GHSA-w7pp-m8wf-vj6r PYSEC-2023-11

Vulnerability

Summary

Aliases

VCID-92vn-rkhm-s3aw

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

CVE-2023-49083
GHSA-jfhm-5ghh-2f97
PYSEC-2023-254

VCID-n26h-8x4z-ufbf

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.

CVE-2023-23931
GHSA-w7pp-m8wf-vj6r
PYSEC-2023-11

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-08-01T19:31:01.150204+00:00	Debian Oval Importer	Fixing	VCID-92vn-rkhm-s3aw	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T18:10:40.773390+00:00	Debian Oval Importer	Fixing	VCID-n26h-8x4z-ufbf	https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2	37.0.0
2025-08-01T12:57:49.141920+00:00	Debian Importer	Affected by	VCID-asvq-g6rg-6fb6	https://security-tracker.debian.org/tracker/data/json	37.0.0