Lucene search
Redhat.comRH:CVE-2018-10903HistoryJul 18, 2018 - 8:49 p.m.
CVE-2018-10903
2018-07-1820:49:06
redhat.com
access.redhat.com
9
0.002 Low
EPSS
Percentile
55.3%
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
Related
nessus
nessus
nvd
nvd
CVE-2018-10903
2018-07-30 16:29:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:4044-1)
2022-11-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0792-1)
2021-04-19 00:00:00
Ubuntu: Security Advisory (USN-3720-1)
2018-10-26 00:00:00
freebsd
freebsd
py-cryptography -- tag forgery vulnerability
2018-07-17 00:00:00
github
github
PyCA Cryptography vulnerable to GCM tag forgery
2018-07-31 18:28:09
debiancve
debiancve
CVE-2018-10903
2018-07-30 16:29:00
veracode
veracode
Information Disclosure
2019-01-15 09:26:51
Information Disclosure
2018-07-20 03:38:18
mageia
mageia
Updated python-cryptography packages fix security vulnerability
2018-11-03 14:55:18
cve
cve
CVE-2018-10903
2018-07-30 16:29:00
redhat
redhat
(RHSA-2018:3600) Moderate: python-cryptography security update
2018-11-13 21:57:38
ubuntu
ubuntu
python-cryptography vulnerability
2018-07-23 00:00:00
suse
suse
Security update for python-cryptography (moderate)
2018-10-25 18:17:44
osv
osv
PyCA Cryptography vulnerable to GCM tag forgery
2018-07-31 18:28:09
CVE-2018-10903
2018-07-30 16:29:00
PYSEC-2018-52
2018-07-30 16:29:00
prion
prion
Input validation
2018-07-30 16:29:00
ubuntucve
ubuntucve
CVE-2018-10903
2018-07-20 00:00:00
cvelist
cvelist
CVE-2018-10903
2018-07-30 15:00:00
photon
photon