Cryptography.io Cryptography 41.0.3 for Python

CPE Details

Cryptography.io Cryptography 41.0.3 for Python
cryptography.io
cryptography
41.0.3
2024-09-05
14h09 +00:00
2024-09-05
14h09 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:cryptography.io:cryptography:41.0.3:*:*:*:*:python:*:*

Informations

Vendor

cryptography.io

Product

cryptography

Version

41.0.3

Target Software

python

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-26130 2024-02-21 16h28 +00:00 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
7.5
High
CVE-2023-50782 2024-02-05 20h45 +00:00 A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
7.5
High
CVE-2023-49083 2023-11-29 18h50 +00:00 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
7.5
High