Cryptography.io Cryptography 38.0.1 for Python

CPE Details

Cryptography.io Cryptography 38.0.1 for Python
cryptography.io
cryptography
38.0.1
2024-09-05
14h09 +00:00
2024-09-05
14h09 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:cryptography.io:cryptography:38.0.1:*:*:*:*:python:*:*

Informations

Vendor

cryptography.io

Product

cryptography

Version

38.0.1

Target Software

python

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-26130 2024-02-21 16h28 +00:00 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
7.5
Haute
CVE-2023-50782 2024-02-05 20h45 +00:00 A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
7.5
Haute
CVE-2023-49083 2023-11-29 18h50 +00:00 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
7.5
Haute
CVE-2023-23931 2023-02-07 20h54 +00:00 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
6.5
Moyen