Search for packages
| purl | pkg:pypi/cryptography@41.0.6 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-ddhe-4ck9-aaam
Aliases: CVE-2023-50782 GHSA-3ww4-gg4f-jr7f |
python-cryptography: Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659 |
Affected by 4 other vulnerabilities. |
|
VCID-fa2w-8q46-1fcb
Aliases: GHSA-h4gh-qq45-vh27 |
pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels |
Affected by 1 other vulnerability. |
|
VCID-jm31-c3d3-aaap
Aliases: CVE-2024-0727 GHSA-9v9h-cgj8-h64p |
openssl: denial of service via null dereference |
Affected by 3 other vulnerabilities. |
|
VCID-wmwm-snjw-aaam
Aliases: CGA-f4qg-9fw4-8247 CVE-2024-26130 GHSA-6vqw-3v5j-54x4 PYSEC-2024-225 |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-uvg4-qjhy-aaaq | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6. |
CVE-2023-49083
GHSA-jfhm-5ghh-2f97 PYSEC-2023-254 |