Search for packages
| purl | pkg:pypi/cryptography@42.0.1 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-fa2w-8q46-1fcb
Aliases: GHSA-h4gh-qq45-vh27 |
pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels |
Affected by 1 other vulnerability. |
|
VCID-jm31-c3d3-aaap
Aliases: CVE-2024-0727 GHSA-9v9h-cgj8-h64p |
openssl: denial of service via null dereference |
Affected by 3 other vulnerabilities. |
|
VCID-wmwm-snjw-aaam
Aliases: CGA-f4qg-9fw4-8247 CVE-2024-26130 GHSA-6vqw-3v5j-54x4 PYSEC-2024-225 |
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised. |
Affected by 2 other vulnerabilities. |
|
VCID-ypp8-vqu8-f7en
Aliases: CVE-2024-12797 GHSA-79v4-65xg-pq4g |
openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||