Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
gentooGentoo FoundationGLSA-202407-06
HistoryJul 01, 2024 - 12:00 a.m.

cryptography: Multiple Vulnerabilities

2024-07-0100:00:00
Gentoo Foundation
security.gentoo.org
1
cryptography
vulnerabilities
python
upgrade

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

7.7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.3%

JSON

Background

cryptography is a package which provides cryptographic recipes and primitives to Python developers.

Description

Multiple vulnerabilities have been discovered in cryptography. Please review the CVE identifiers referenced below for details.

Impact

Please review the referenced CVE identifiers for details.

Workaround

There is no known workaround at this time.

Resolution

All cryptography users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=dev-python/cryptography-42.0.4"
OSVersionArchitecturePackageVersionFilename
Gentooanyalldev-python/cryptography< 42.0.4UNKNOWN

Related

nessus 62
openvas 31
osv 18
cloudfoundry 1
ubuntu 2
redos 3
ibm 12
github 4
veracode 4
cbl_mariner 5
debiancve 4
fedora 3
cve 4
alpinelinux 3
redhatcve 3
oraclelinux 7
almalinux 3
ubuntucve 4
prion 3
nvd 3
cvelist 4
photon 1
wolfi 2
suse 1
mageia 2
archlinux 1
rocky 1
cgr 2
debian 2
redhat 3
freebsd 1
nessus
nessus
GLSA-202407-06 : cryptography: Multiple Vulnerabilities
2024-07-01 00:00:00
Ubuntu 20.04 LTS / 22.04 LTS / 23.04 / 23.10 : python-cryptography vulnerabilities (USN-6539-1)
2023-12-06 00:00:00
Ubuntu 24.04 LTS : python-cryptography vulnerability (USN-6673-3)
2024-05-27 00:00:00
openvas
openvas
Ubuntu: Security Advisory (USN-6539-1)
2023-12-07 00:00:00
Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2021-2278)
2021-08-09 00:00:00
Fedora: Security Advisory for python-cryptography (FEDORA-2021-8e36e7ed1a)
2021-02-12 00:00:00
osv
osv
python-cryptography vulnerabilities
2023-12-06 15:22:41
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
2024-02-21 18:04:40
PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
2021-02-10 01:32:27
cloudfoundry
cloudfoundry
USN-6539-1: python-cryptography vulnerabilities | Cloud Foundry
2024-04-04 00:00:00
ubuntu
ubuntu
python-cryptography vulnerabilities
2023-12-06 00:00:00
python-cryptography vulnerability
2024-05-27 00:00:00
redos
redos
ROS-20230620-06
2023-06-20 00:00:00
ROS-20240422-02
2024-04-22 00:00:00
ROS-20240402-16
2024-04-02 00:00:00
ibm
ibm
Security Bulletin: IBM Maximo Application Suite uses cryptography-41.0.4-cp37-abi3-manylinux_2_28_x86_64.whl and cryptography-41.0.7-cp37-abi3-manylinux_2_28_x86_64.whl which is vulnerable to CVE-2024-26130
2024-04-01 07:37:11
Security Bulletin: Vulnerability in cryptography affects IBM Process Mining CVE-2024-26130
2024-03-29 10:41:18
Security Bulletin: Storage Virtualize Ansible Collection is affected by a vulnerability in the Python Cryptographic Authority package
2024-06-26 06:15:45
github
github
cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
2024-02-21 18:04:40
PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
2021-02-10 01:32:27
Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
2023-02-07 20:54:10
veracode
veracode
Denial Of Service (DoS)
2021-02-08 06:02:38
Denial Of Service (DoS)
2023-11-29 09:29:57
Denial Of Service (DoS)
2024-02-22 07:33:51
cbl_mariner
cbl_mariner
CVE-2020-36242 affecting package python-cryptography 2.3.1-4
2021-03-03 03:44:07
CVE-2023-49083 affecting package python-cryptography for versions less than 42.0.5-1
2024-03-19 17:21:46
CVE-2023-23931 affecting package python-cryptography for versions less than 3.3.2-5
2024-03-19 17:21:46
debiancve
debiancve
CVE-2020-36242
2021-02-07 20:15:12
CVE-2024-26130
2024-02-21 17:15:09
CVE-2023-23931
2023-02-07 21:15:09
fedora
fedora
[SECURITY] Fedora 33 Update: python-cryptography-3.2.1-2.fc33
2021-02-12 01:44:24
[SECURITY] Fedora 36 Update: python-cryptography-36.0.0-4.fc36
2023-03-10 01:38:26
[SECURITY] Fedora 39 Update: python-cryptography-41.0.7-1.fc39
2024-02-17 00:57:57
cve
cve
CVE-2020-36242
2021-02-07 20:15:12
CVE-2023-49083
2023-11-29 19:15:07
CVE-2024-26130
2024-02-21 17:15:09
alpinelinux
alpinelinux
CVE-2020-36242
2021-02-07 20:15:12
CVE-2023-49083
2023-11-29 19:15:07
CVE-2023-23931
2023-02-07 21:15:09
redhatcve
redhatcve
CVE-2023-49083
2023-12-20 11:10:52
CVE-2024-26130
2024-03-14 22:44:35
CVE-2023-23931
2023-02-20 14:29:26
oraclelinux
oraclelinux
python-cryptography security update
2024-03-20 00:00:00
python3.11-cryptography security update
2024-05-02 00:00:00
python3.11-cryptography security update
2024-05-23 00:00:00
almalinux
almalinux
Moderate: python3.11-cryptography security update
2024-05-22 00:00:00
Moderate: python3.11-cryptography security update
2024-04-30 00:00:00
Moderate: python-cryptography security update
2023-11-14 00:00:00
ubuntucve
ubuntucve
CVE-2023-49083
2023-12-04 00:00:00
CVE-2024-26130
2024-02-21 00:00:00
CVE-2020-36242
2021-02-07 00:00:00
prion
prion
Null pointer dereference
2024-02-21 17:15:00
Integer overflow
2021-02-07 20:15:00
Null pointer dereference
2023-11-29 19:15:00
nvd
nvd
CVE-2024-26130
2024-02-21 17:15:09
CVE-2020-36242
2021-02-07 20:15:12
CVE-2023-49083
2023-11-29 19:15:07
cvelist
cvelist
CVE-2024-26130 cryptography NULL pointer deference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
2024-02-21 16:28:18
CVE-2023-49083 cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
2023-11-29 18:50:24
CVE-2020-36242
2021-02-07 19:50:57
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0400
2021-06-08 00:00:00
wolfi
wolfi
CVE-2024-26130 vulnerabilities
2024-07-03 09:08:38
CVE-2023-49083 vulnerabilities
2024-07-03 09:08:38
suse
suse
Security update for python-cryptography (important)
2021-02-26 00:00:00
mageia
mageia
Updated python-cryptography package fixes a security vulnerability
2021-03-12 04:25:47
Updated python-cryptography packages fix security vulnerability
2023-02-27 23:27:16
archlinux
archlinux
[ASA-202102-36] python-cryptography: incorrect calculation
2021-02-27 00:00:00
rocky
rocky
python3.11-cryptography security update
2024-05-10 14:32:42
cgr
cgr
CVE-2024-26130 vulnerabilities
2024-05-19 03:07:16
CVE-2023-49083 vulnerabilities
2024-05-19 03:07:16
debian
debian
[SECURITY] [DLA 3331-1] python-cryptography security update
2023-02-22 20:00:30
[SECURITY] [DLA 3331-2] python-cryptography security update
2023-02-27 07:39:06
redhat
redhat
(RHSA-2024:3105) Moderate: python3.11-cryptography security update
2024-05-22 06:35:37
(RHSA-2024:2337) Moderate: python3.11-cryptography security update
2024-04-30 06:15:25
(RHSA-2023:6615) Moderate: python-cryptography security update
2023-11-07 06:10:12
freebsd
freebsd
py-cryptography -- allows programmers to misuse an API
2023-02-07 00:00:00

6.4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

7.7 High

AI Score

Confidence

Low

0.008 Low

EPSS

Percentile

82.3%

JSON
Related for GLSA-202407-06
nessus62openvas31osv18cloudfoundry1ubuntu2redos3ibm12github4veracode4cbl_mariner5debiancve4fedora3cve4alpinelinux3redhatcve3oraclelinux7almalinux3ubuntucve4prion3nvd3cvelist4photon1wolfi2suse1mageia2archlinux1rocky1cgr2debian2redhat3freebsd1