Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Cryptography
(Cryptography_project)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 4 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-11-29 | CVE-2023-49083 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has... | Cryptography | 7.5 | ||
| 2021-02-07 | CVE-2020-36242 | In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. | Cryptography, Fedora, Communications_cloud_native_core_network_function_cloud_native_environment | 9.1 | ||
| 2023-07-14 | CVE-2023-38325 | The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options. | Cryptography | 7.5 | ||
| 2023-02-07 | CVE-2023-23931 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally... | Cryptography | 6.5 |