purl | pkg:pypi/cryptography@38.0.4 |
Vulnerability | Summary | Fixed by |
---|---|---|
VCID-4q68-8rd1-aaah Aliases: GHSA-5cpq-8wj7-hf2v GMS-2023-1778 | Vulnerable OpenSSL included in cryptography wheels | Affected by 8 other vulnerabilities. |
VCID-9wtx-9sbn-aaam Aliases: CVE-2023-0286 GHSA-x4qr-2fvf-3mr5 | Vulnerable OpenSSL included in cryptography wheels | Affected by 9 other vulnerabilities. |
VCID-ddhe-4ck9-aaam Aliases: CVE-2023-50782 GHSA-3ww4-gg4f-jr7f | python-cryptography: Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659 | Affected by 4 other vulnerabilities. |
VCID-df7k-xenc-aaar Aliases: CVE-2023-38325 GHSA-cf7p-gm2m-833m PYSEC-2023-112 | The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. | Affected by 7 other vulnerabilities. |
VCID-fa2w-8q46-1fcb Aliases: GHSA-h4gh-qq45-vh27 | pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels | Affected by 1 other vulnerability. |
VCID-jm31-c3d3-aaap Aliases: CVE-2024-0727 GHSA-9v9h-cgj8-h64p | openssl: denial of service via null dereference | Affected by 3 other vulnerabilities. |
VCID-uvg4-qjhy-aaaq Aliases: CVE-2023-49083 GHSA-jfhm-5ghh-2f97 PYSEC-2023-254 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6. | Affected by 4 other vulnerabilities. |
VCID-vk3e-zg19-aaah Aliases: GHSA-v8gr-m533-ghj9 GMS-2023-2474 | Vulnerable OpenSSL included in cryptography wheels | Affected by 5 other vulnerabilities. |
VCID-vqz2-zd9g-aaab Aliases: CVE-2023-23931 GHSA-w7pp-m8wf-vj6r PYSEC-0000-CVE-2023-23931 PYSEC-2023-11 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8. | Affected by 9 other vulnerabilities. |
VCID-w668-5d2j-aaar Aliases: GHSA-jm77-qphf-c4w8 GMS-2023-1898 | pyca/cryptography's wheels include vulnerable OpenSSL | Affected by 6 other vulnerabilities. |
VCID-wmwm-snjw-aaam Aliases: CGA-f4qg-9fw4-8247 CVE-2024-26130 GHSA-6vqw-3v5j-54x4 PYSEC-2024-225 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`), then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised. | Affected by 2 other vulnerabilities. |
Vulnerability | Summary | Aliases |
---|---|---|
This package is not known to fix vulnerabilities. |