Search for packages
Package details: pkg:deb/debian/python-cryptography@42.0.5-2
purl pkg:deb/debian/python-cryptography@42.0.5-2
Tags Ghost
Next non-vulnerable version 43.0.0-3
Latest non-vulnerable version 43.0.0-3
Risk 4.0
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-uvg4-qjhy-aaaq
Aliases:
CVE-2023-49083
GHSA-jfhm-5ghh-2f97
PYSEC-2023-254
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
43.0.0-1
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (0)
Vulnerability Summary Aliases
This package is not known to fix vulnerabilities.

Date Actor Action Vulnerability Source VulnerableCode Version
2024-05-20T15:03:40.234216+00:00 Debian Importer Fixing VCID-uvg4-qjhy-aaaq https://security-tracker.debian.org/tracker/data/json 34.0.0rc4
2024-05-20T15:03:39.443088+00:00 Debian Importer Affected by VCID-uvg4-qjhy-aaaq https://security-tracker.debian.org/tracker/data/json 34.0.0rc4