Lucene search
Veracode Vulnerability DatabaseVERACODE:7109HistoryJul 20, 2018 - 3:38 a.m.
Information Disclosure
2018-07-2003:38:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.002 Low
EPSS
Percentile
55.3%
python-cryptography is vulnerable to a key leakage. A lack of input validation on the finalize_with_tag API allows an attacker to forge a GCM tag by crafting an invalid payload with a shortened tag to bypass the MAC check in a 1 in 256 chance, resulting in a possible key leakage.
| CPE | Name | Operator | Version |
|---|---|---|---|
| cryptography | le | 2.2.2 |
Related
nessus
nessus
nvd
nvd
CVE-2018-10903
2018-07-30 16:29:00
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:4044-1)
2022-11-17 00:00:00
SUSE: Security Advisory (SUSE-SU-2020:0792-1)
2021-04-19 00:00:00
Ubuntu: Security Advisory (USN-3720-1)
2018-10-26 00:00:00
freebsd
freebsd
py-cryptography -- tag forgery vulnerability
2018-07-17 00:00:00
github
github
PyCA Cryptography vulnerable to GCM tag forgery
2018-07-31 18:28:09
debiancve
debiancve
CVE-2018-10903
2018-07-30 16:29:00
veracode
veracode
Information Disclosure
2019-01-15 09:26:51
mageia
mageia
Updated python-cryptography packages fix security vulnerability
2018-11-03 14:55:18
cve
cve
CVE-2018-10903
2018-07-30 16:29:00
redhat
redhat
(RHSA-2018:3600) Moderate: python-cryptography security update
2018-11-13 21:57:38
ubuntu
ubuntu
python-cryptography vulnerability
2018-07-23 00:00:00
suse
suse
Security update for python-cryptography (moderate)
2018-10-25 18:17:44
osv
osv
PyCA Cryptography vulnerable to GCM tag forgery
2018-07-31 18:28:09
CVE-2018-10903
2018-07-30 16:29:00
PYSEC-2018-52
2018-07-30 16:29:00
redhatcve
redhatcve
CVE-2018-10903
2018-07-18 20:49:06
prion
prion
Input validation
2018-07-30 16:29:00
ubuntucve
ubuntucve
CVE-2018-10903
2018-07-20 00:00:00
cvelist
cvelist
CVE-2018-10903
2018-07-30 15:00:00
photon
photon