High severity7.5NVD Advisory· Published Jul 30, 2018· Updated Jun 17, 2026
CVE-2018-10903
CVE-2018-10903
Description
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cryptographyPyPI | >= 1.9.0, < 2.3 | 2.3 |
Affected products
70- ghsa-coords70 versionspkg:pypi/cryptographypkg:rpm/opensuse/python-cryptography&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/python-cryptography&distro=openSUSE%20Leap%20Micro%205.2pkg:rpm/opensuse/python-cryptography-vectors&distro=openSUSE%20Leap%2015.3pkg:rpm/suse/python-cffi&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-cffi&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python-cffi&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-cffi&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-cffi&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-cryptography&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-cryptography&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/python-cryptography&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%202%2015%20SP3pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/python-cryptography&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/python-cryptography&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/python-cryptography&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/python-cryptography&distro=SUSE%20OpenStack%20Cloud%206-LTSSpkg:rpm/suse/python-cryptography&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-cryptography&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-cryptography&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-xattr&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-xattr&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/python-xattr&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/python-xattr&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/python-xattr&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/python-xattr&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/python-xattr&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/python-xattr&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/python-xattr&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python-xattr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/python-xattr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/python-xattr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/python-xattr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/python-xattr&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python-xattr&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/python-xattr&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-xattr&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208
>= 1.9.0, < 2.3+ 69 more
- (no CPE)range: >= 1.9.0, < 2.3
- (no CPE)range: < 2.9.2-150200.13.1
- (no CPE)range: < 2.9.2-150200.13.1
- (no CPE)range: < 2.9.2-150200.3.3.1
- (no CPE)range: < 1.11.2-5.11.1
- (no CPE)range: < 1.11.2-5.11.1
- (no CPE)range: < 1.11.2-2.19.2
- (no CPE)range: < 1.11.2-5.11.1
- (no CPE)range: < 1.11.2-5.11.1
- (no CPE)range: < 1.11.2-5.11.1
- (no CPE)range: < 1.11.2-5.11.1
- (no CPE)range: < 1.11.2-5.11.1
- (no CPE)range: < 1.11.2-5.11.1
- (no CPE)range: < 1.11.2-2.19.2
- (no CPE)range: < 1.11.2-5.11.1
- (no CPE)range: < 1.11.2-5.11.1
- (no CPE)range: < 1.11.2-5.11.1
- (no CPE)range: < 1.11.2-5.11.1
- (no CPE)range: < 1.11.2-5.11.1
- (no CPE)range: < 1.11.2-5.11.1
- (no CPE)range: < 1.11.2-5.11.1
- (no CPE)range: < 2.0.3-3.3.1
- (no CPE)range: < 2.1.4-7.28.2
- (no CPE)range: < 2.9.2-150200.13.1
- (no CPE)range: < 2.9.2-150200.13.1
- (no CPE)range: < 2.9.2-150200.13.1
- (no CPE)range: < 2.9.2-150200.13.1
- (no CPE)range: < 2.9.2-150200.13.1
- (no CPE)range: < 2.1.4-4.3.1
- (no CPE)range: < 2.9.2-150200.13.1
- (no CPE)range: < 2.9.2-150200.13.1
- (no CPE)range: < 2.1.4-3.15.5
- (no CPE)range: < 2.1.4-7.28.2
- (no CPE)range: < 2.1.4-7.28.2
- (no CPE)range: < 2.1.4-7.28.2
- (no CPE)range: < 2.1.4-7.28.2
- (no CPE)range: < 2.1.4-7.28.2
- (no CPE)range: < 2.1.4-7.28.2
- (no CPE)range: < 2.9.2-150200.13.1
- (no CPE)range: < 2.9.2-150200.13.1
- (no CPE)range: < 2.1.4-3.15.5
- (no CPE)range: < 2.1.4-7.28.2
- (no CPE)range: < 2.1.4-7.28.2
- (no CPE)range: < 2.1.4-7.28.2
- (no CPE)range: < 2.1.4-7.28.2
- (no CPE)range: < 2.9.2-150200.13.1
- (no CPE)range: < 2.9.2-150200.13.1
- (no CPE)range: < 2.9.2-150200.13.1
- (no CPE)range: < 2.9.2-150200.13.1
- (no CPE)range: < 2.1.4-3.15.5
- (no CPE)range: < 2.1.4-7.28.2
- (no CPE)range: < 2.0.3-3.3.1
- (no CPE)range: < 2.0.3-3.3.1
- (no CPE)range: < 0.7.5-6.3.2
- (no CPE)range: < 0.7.5-6.3.2
- (no CPE)range: < 0.7.5-3.2.1
- (no CPE)range: < 0.7.5-6.3.2
- (no CPE)range: < 0.7.5-6.3.2
- (no CPE)range: < 0.7.5-6.3.2
- (no CPE)range: < 0.7.5-6.3.2
- (no CPE)range: < 0.7.5-6.3.2
- (no CPE)range: < 0.7.5-6.3.2
- (no CPE)range: < 0.7.5-3.2.1
- (no CPE)range: < 0.7.5-6.3.2
- (no CPE)range: < 0.7.5-6.3.2
- (no CPE)range: < 0.7.5-6.3.2
- (no CPE)range: < 0.7.5-6.3.2
- (no CPE)range: < 0.7.5-6.3.2
- (no CPE)range: < 0.7.5-6.3.2
- (no CPE)range: < 0.7.5-6.3.2
Patches
Vulnerability mechanics
References
10- bugzilla.redhat.com/show_bug.cginvdIssue TrackingPatchThird Party AdvisoryWEB
- github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19efnvdPatchThird Party Advisory
- github.com/advisories/GHSA-fcf9-3qw3-gxmjghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2018-10903ghsaADVISORY
- usn.ubuntu.com/3720-1/nvdThird Party Advisory
- access.redhat.com/errata/RHSA-2018:3600nvdWEB
- github.com/pyca/cryptography/commit/d4378e42937b56f473ddade2667f919ce32208cbghsaWEB
- github.com/pyca/cryptography/pull/4342ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2018-52.yamlghsaWEB
- usn.ubuntu.com/3720-1ghsaWEB
News mentions
0No linked articles in our index yet.