Product:

Cryptography

(Cryptography\.io)
Repositories https://github.com/pyca/cryptography
#Vulnerabilities 7
Date Id Summary Products Score Patch Annotated
2024-02-05 CVE-2023-50782 A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Couchbase_server, Cryptography, Ansible_automation_platform, Enterprise_linux, Update_infrastructure 7.5
2017-03-27 CVE-2016-9243 HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size. Ubuntu_linux, Cryptography, Fedora 7.5
2021-01-11 CVE-2020-25659 python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. Cryptography, Communications_cloud_native_core_network_function_cloud_native_environment 5.9
2021-02-07 CVE-2020-36242 In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. Cryptography, Fedora, Communications_cloud_native_core_network_function_cloud_native_environment 9.1
2023-02-07 CVE-2023-23931 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally... Cryptography 6.5
2023-07-14 CVE-2023-38325 The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. Cryptography 7.5
2023-11-29 CVE-2023-49083 cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has... Cryptography 7.5