Search for packages
| purl | pkg:deb/debian/python-cryptography@38.0.4-3 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-uvg4-qjhy-aaaq
Aliases: CVE-2023-49083 GHSA-jfhm-5ghh-2f97 PYSEC-2023-254 |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
|
VCID-wmwm-snjw-aaam
Aliases: CGA-f4qg-9fw4-8247 CVE-2024-26130 GHSA-6vqw-3v5j-54x4 PYSEC-2024-225 |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised. |
Affected by 1 other vulnerability. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2024-10-20T02:38:19.120775+00:00 | Debian Importer | Affected by | VCID-uvg4-qjhy-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.2 |
| 2024-10-11T03:53:40.078929+00:00 | Debian Importer | Affected by | VCID-wmwm-snjw-aaam | https://security-tracker.debian.org/tracker/data/json | 34.0.2 |
| 2024-10-10T20:51:07.557820+00:00 | Debian Importer | Fixing | VCID-vqz2-zd9g-aaab | https://security-tracker.debian.org/tracker/data/json | 34.0.2 |
| 2024-09-25T18:05:25.899399+00:00 | Debian Importer | Affected by | VCID-wmwm-snjw-aaam | https://security-tracker.debian.org/tracker/data/json | 34.0.1 |
| 2024-09-20T01:56:50.894065+00:00 | Debian Importer | Fixing | VCID-vqz2-zd9g-aaab | https://security-tracker.debian.org/tracker/data/json | 34.0.1 |
| 2024-05-20T15:03:39.435606+00:00 | Debian Importer | Affected by | VCID-uvg4-qjhy-aaaq | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-04-26T01:42:46.003201+00:00 | Debian Importer | Fixing | VCID-vqz2-zd9g-aaab | None | 34.0.0rc4 |
| 2024-04-26T01:42:42.122295+00:00 | Debian Importer | Fixing | VCID-vqz2-zd9g-aaab | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc4 |
| 2024-01-12T11:53:55.131844+00:00 | Debian Importer | Fixing | VCID-vqz2-zd9g-aaab | None | 34.0.0rc2 |
| 2024-01-12T11:53:54.304424+00:00 | Debian Importer | Fixing | VCID-vqz2-zd9g-aaab | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc2 |
| 2024-01-05T07:57:48.473530+00:00 | Debian Importer | Fixing | VCID-vqz2-zd9g-aaab | https://security-tracker.debian.org/tracker/data/json | 34.0.0rc1 |
| 2024-01-05T07:57:43.703935+00:00 | Debian Importer | Fixing | VCID-vqz2-zd9g-aaab | None | 34.0.0rc1 |