A vulnerability was found in python-cryptography. In affected versions, Cipher.update_into would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as bytes) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.

References

bugzilla.redhat.com/show_bug.cgi?id=2171817

github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r

nvd.nist.gov/vuln/detail/CVE-2023-23931

www.cve.org/CVERecord?id=CVE-2023-23931

osv 10

debian 2

nessus 51

openvas 23

debiancve 1

fedora 3

mageia 1

veracode 1

cbl_mariner 3

freebsd 1

ibm 19

github 1

alpinelinux 1

almalinux 3

redhat 7

oraclelinux 3

cvelist 1

ubuntucve 1

cve 1

nvd 1

prion 1

photon 3

ubuntu 1

cloudfoundry 1

redos 1

rocky 1

gentoo 1

hp 2

ics 1

oracle 4

osv

CVE-2023-23931

2023-02-07 21:15:09

python310-cryptography-39.0.1-1.1 on GA media

2024-06-15 00:00:00

Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf

2023-02-07 20:54:10

debian

[SECURITY] [DLA 3331-1] python-cryptography security update

2023-02-22 20:00:30

[SECURITY] [DLA 3331-2] python-cryptography security update

2023-02-27 07:39:06

nessus

CentOS 9 : python-cryptography-36.0.1-3.el9

2024-02-29 00:00:00

EulerOS Virtualization 2.11.1 : python-cryptography (EulerOS-SA-2023-2740)

2024-01-16 00:00:00

EulerOS Virtualization 3.0.6.0 : python-cryptography (EulerOS-SA-2024-1700)

2024-05-17 00:00:00

openvas

Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2023-2320)

2023-07-10 00:00:00

Fedora: Security Advisory for python-cryptography (FEDORA-2023-749dd47c79)

2023-03-12 00:00:00

Fedora: Security Advisory for python-cryptography (FEDORA-2023-672f668f51)

2023-03-11 00:00:00

debiancve

CVE-2023-23931

2023-02-07 21:15:09

fedora

[SECURITY] Fedora 36 Update: python-cryptography-36.0.0-4.fc36

2023-03-10 01:38:26

[SECURITY] Fedora 38 Update: python-cryptography-37.0.2-8.fc38

2023-03-11 03:35:22

[SECURITY] Fedora 37 Update: python-cryptography-37.0.2-5.fc37

2023-02-27 01:49:10

mageia

Updated python-cryptography packages fix security vulnerability

2023-02-27 23:27:16

veracode

Memory Corruption

2023-02-08 08:28:21

cbl_mariner

CVE-2023-23931 affecting package python-cryptography for versions less than 3.3.2-5

2024-03-19 17:21:46

CVE-2023-23931 affecting package python-cryptography 3.3.2-1

2023-03-02 04:18:32

CVE-2023-23931 affecting package python-cryptography for versions less than 3.3.2-4

2023-02-24 01:54:33

freebsd

py-cryptography -- allows programmers to misuse an API

2023-02-07 00:00:00

ibm

Security Bulletin: Vulnerability in cryptography affects IBM Cloud Pak for Data System 1.0(CPDS 1.0) [CVE-2023-23931]

2023-04-03 13:35:13

Security Bulletin: IBM Watson Discovery Cartridge for IBM Cloud Pak for Data affected by vulnerability in cryptography

2023-05-02 21:53:16

Security Bulletin: IBM Decision Optimization in IBM Cloud Pak for Data is vulnerable to a remote attacker to bypass security restrictions (CVE-2023-23931)

2023-06-29 13:22:34

github

Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf

2023-02-07 20:54:10

alpinelinux

CVE-2023-23931

2023-02-07 21:15:09

almalinux

Moderate: python-cryptography security update

2023-11-14 00:00:00

Moderate: python-cryptography security update

2023-11-07 00:00:00

Moderate: python39:3.9 and python39-devel:3.9 security update

2024-05-22 00:00:00

redhat

(RHSA-2023:7096) Moderate: python-cryptography security update

2023-11-14 08:45:19

(RHSA-2023:6615) Moderate: python-cryptography security update

2023-11-07 06:10:12

(RHSA-2023:4971) Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update

2023-09-05 11:43:37

oraclelinux

python-cryptography security update

2023-11-17 00:00:00

python-cryptography security update

2023-11-11 00:00:00

python39:3.9 and python39-devel:3.9 security update

2024-05-24 00:00:00

cvelist

CVE-2023-23931 Cipher.update_into can corrupt memory in pyca cryptography

2023-02-07 20:54:03

ubuntucve

CVE-2023-23931

2023-02-07 00:00:00

cve

CVE-2023-23931

2023-02-07 21:15:09

nvd

CVE-2023-23931

2023-02-07 21:15:09

prion

Design/Logic Flaw

2023-02-07 21:15:00

photon

Moderate Photon OS Security Update - PHSA-2023-4.0-0405

2023-06-08 00:00:00

Critical Photon OS Security Update - PHSA-2023-3.0-0681

2023-11-04 00:00:00

Critical Photon OS Security Update - PHSA-2024-5.0-0187

2024-01-09 00:00:00

ubuntu

python-cryptography vulnerabilities

2023-12-06 00:00:00

cloudfoundry

USN-6539-1: python-cryptography vulnerabilities | Cloud Foundry

2024-04-04 00:00:00

redos

ROS-20230620-06

2023-06-20 00:00:00

rocky

python39:3.9 and python39-devel:3.9 security update

2024-06-14 13:59:30

gentoo

cryptography: Multiple Vulnerabilities

2024-07-01 00:00:00

HP ThinPro 8.1 SP 2 Security Updates

2024-04-12 00:00:00

HP ThinPro 8.0 SP 8 Security Updates

2024-03-01 00:00:00

ics

Siemens SCALANCE XCM-/XRM-300

2024-02-15 12:00:00

oracle

Oracle Critical Patch Update Advisory - January 2024

2024-01-16 00:00:00

Oracle Critical Patch Update Advisory - October 2023

2023-10-17 00:00:00

Oracle Critical Patch Update Advisory - July 2023

2023-07-18 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L

AI Score

6.7

Confidence

High

EPSS

0.001

Percentile

33.2%

JSON

Related for RH:CVE-2023-23931