Search for packages
| purl | pkg:pypi/cryptography@1.9.0 |
| Tags | Ghost |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-69da-bw9p-aaae
Aliases: CVE-2018-10903 GHSA-fcf9-3qw3-gxmj PYSEC-2018-52 |
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. |
Affected by 9 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2025-01-17T02:31:07.682975+00:00 | GHSA Importer | Affected by | VCID-69da-bw9p-aaae | None | 35.1.0 |
| 2024-09-17T22:27:13.635512+00:00 | GitLab Importer | Affected by | VCID-69da-bw9p-aaae | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2018-10903.yml | 34.0.1 |
| 2024-09-17T22:13:19.645954+00:00 | GHSA Importer | Affected by | VCID-69da-bw9p-aaae | https://github.com/advisories/GHSA-fcf9-3qw3-gxmj | 34.0.1 |
| 2024-04-23T17:41:25.150763+00:00 | GHSA Importer | Affected by | VCID-69da-bw9p-aaae | https://github.com/advisories/GHSA-fcf9-3qw3-gxmj | 34.0.0rc4 |
| 2024-01-03T17:53:05.490295+00:00 | GitLab Importer | Affected by | VCID-69da-bw9p-aaae | https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/cryptography/CVE-2018-10903.yml | 34.0.0rc1 |
| 2024-01-03T17:46:46.611903+00:00 | GHSA Importer | Affected by | VCID-69da-bw9p-aaae | https://github.com/advisories/GHSA-fcf9-3qw3-gxmj | 34.0.0rc1 |