Medium severity5.3NVD Advisory· Published Nov 17, 2017· Updated May 13, 2026

CVE-2017-1000246

Description

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
pysaml2PyPI	< 4.6.0	4.6.0

Affected products

Pysaml2 Project/Pysaml2
cpe:2.3:a:pysaml2_project:pysaml2:*:*:*:*:*:*:*:*
Range: <4.6.0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/rohe/pysaml2/issues/417nvdIssue TrackingPatchThird Party AdvisoryWEB
github.com/advisories/GHSA-cq94-qf6q-mf2hghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2017-1000246ghsaADVISORY
github.com/IdentityPython/pysaml2/pull/519/commits/7323f5c20efb59424d853c822e7a26d1aa3e84aaghsaWEB
github.com/pypa/advisory-database/tree/main/vulns/pysaml2/PYSEC-2017-26.yamlghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.345
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000