Cryptography.io Cryptography 2.1.3 for Python

CPE Details

Cryptography.io Cryptography 2.1.3 for Python
cryptography.io
cryptography
2.1.3
2024-09-05
14h09 +00:00
2024-09-05
14h14 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:cryptography.io:cryptography:2.1.3:*:*:*:*:python:*:*

Informations

Vendor

cryptography.io

Product

cryptography

Version

2.1.3

Target Software

python

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2023-50782 2024-02-05 20h45 +00:00 A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
7.5
High
CVE-2023-23931 2023-02-07 20h54 +00:00 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
6.5
Medium
CVE-2020-36242 2021-02-07 18h50 +00:00 In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
9.1
Critical