Medium severity4.8NVD Advisory· Published Feb 7, 2023· Updated Jun 17, 2026
CVE-2023-23931
CVE-2023-23931
Description
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into was originally introduced in cryptography 1.8.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cryptographyPyPI | >= 1.8, < 39.0.1 | 39.0.1 |
Affected products
141- osv-coords140 versionspkg:apk/chainguard/mitmproxypkg:apk/wolfi/mitmproxypkg:pypi/cryptographypkg:rpm/almalinux/python39pkg:rpm/almalinux/python39-attrspkg:rpm/almalinux/python39-cffipkg:rpm/almalinux/python39-chardetpkg:rpm/almalinux/python39-cryptographypkg:rpm/almalinux/python39-Cythonpkg:rpm/almalinux/python39-debugpkg:rpm/almalinux/python39-develpkg:rpm/almalinux/python39-idlepkg:rpm/almalinux/python39-idnapkg:rpm/almalinux/python39-iniconfigpkg:rpm/almalinux/python39-libspkg:rpm/almalinux/python39-lxmlpkg:rpm/almalinux/python39-mod_wsgipkg:rpm/almalinux/python39-more-itertoolspkg:rpm/almalinux/python39-numpypkg:rpm/almalinux/python39-numpy-docpkg:rpm/almalinux/python39-numpy-f2pypkg:rpm/almalinux/python39-packagingpkg:rpm/almalinux/python39-pippkg:rpm/almalinux/python39-pip-wheelpkg:rpm/almalinux/python39-pluggypkg:rpm/almalinux/python39-plypkg:rpm/almalinux/python39-psutilpkg:rpm/almalinux/python39-psycopg2pkg:rpm/almalinux/python39-psycopg2-docpkg:rpm/almalinux/python39-psycopg2-testspkg:rpm/almalinux/python39-pypkg:rpm/almalinux/python39-pybind11pkg:rpm/almalinux/python39-pybind11-develpkg:rpm/almalinux/python39-pycparserpkg:rpm/almalinux/python39-PyMySQLpkg:rpm/almalinux/python39-pyparsingpkg:rpm/almalinux/python39-pysockspkg:rpm/almalinux/python39-pytestpkg:rpm/almalinux/python39-pyyamlpkg:rpm/almalinux/python39-requestspkg:rpm/almalinux/python39-rpm-macrospkg:rpm/almalinux/python39-scipypkg:rpm/almalinux/python39-setuptoolspkg:rpm/almalinux/python39-setuptools-wheelpkg:rpm/almalinux/python39-sixpkg:rpm/almalinux/python39-testpkg:rpm/almalinux/python39-tkinterpkg:rpm/almalinux/python39-tomlpkg:rpm/almalinux/python39-urllib3pkg:rpm/almalinux/python39-wcwidthpkg:rpm/almalinux/python39-wheelpkg:rpm/almalinux/python39-wheel-wheelpkg:rpm/almalinux/python3-cryptographypkg:rpm/opensuse/python-cryptography&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/python-cryptography&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/python-cryptography&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python-cffi&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python-cffi&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python-cffi&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-cffi&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-cffi&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-cffi&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/python-cryptography&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP1-LTSSpkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP1-LTSSpkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP1pkg:rpm/suse/python-cryptography&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/python-cryptography&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/python-cryptography&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/python-cryptography&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209pkg:rpm/suse/venv-openstack-aodh&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-aodh&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-barbican&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-barbican&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-ceilometer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ceilometer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-cinder&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-cinder&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-designate&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-designate&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-freezer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-freezer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-glance&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-glance&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-heat&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-heat&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-horizon&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-horizon-hpe&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ironic&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-ironic&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-keystone&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-keystone&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-magnum&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-magnum&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-manila&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-manila&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-monasca-ceilometer&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-monasca&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-monasca&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-murano&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-murano&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-neutron&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-neutron&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-nova&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-nova&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-octavia&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-octavia&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-sahara&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-sahara&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-swift&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/venv-openstack-swift&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/venv-openstack-trove&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/venv-openstack-trove&distro=SUSE%20OpenStack%20Cloud%208
< 12.2.1-r0+ 139 more
- (no CPE)range: < 12.2.1-r0
- (no CPE)range: < 12.2.1-r0
- (no CPE)range: >= 1.8, < 39.0.1
- (no CPE)range: < 3.9.18-3.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 20.3.0-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.14.3-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.0.4-19.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.3.1-3.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 0.29.21-5.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.9.18-3.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 3.9.18-3.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 3.9.18-3.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 2.10-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.1.1-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.9.18-3.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 4.6.5-1.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 4.7.1-7.module_el8.9.0+3634+fb2a896c
- (no CPE)range: < 8.5.0-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.19.4-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.19.4-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.19.4-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 20.4-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 20.2.4-9.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 20.2.4-9.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 0.13.1-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.11-10.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 5.8.0-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.8.6-3.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 2.8.6-3.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 2.8.6-3.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 1.10.0-1.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.7.1-1.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.7.1-1.module_el8.6.0+3248+c431e88c
- (no CPE)range: < 2.20-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 0.10.1-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.4.7-5.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.7.1-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 6.0.2-2.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 5.4.1-1.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 2.25.0-3.module_el8.9.0+3634+fb2a896c
- (no CPE)range: < 3.9.18-3.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 1.5.4-5.module_el8.9.0+3634+fb2a896c
- (no CPE)range: < 50.3.2-5.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 50.3.2-5.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 1.15.0-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 3.9.18-3.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 3.9.18-3.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 0.10.1-5.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1.25.10-5.module_el8.10.0+3765+2f9a457d
- (no CPE)range: < 0.2.5-3.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1:0.35.1-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 1:0.35.1-4.module_el8.6.0+2780+a40f65e1
- (no CPE)range: < 36.0.1-4.el9
- (no CPE)range: < 3.3.2-150400.16.6.1
- (no CPE)range: < 3.3.2-150400.16.6.1
- (no CPE)range: < 39.0.1-1.1
- (no CPE)range: < 1.10.0-4.3.1
- (no CPE)range: < 1.11.5-5.19.1
- (no CPE)range: < 1.11.5-5.19.1
- (no CPE)range: < 1.10.0-4.3.1
- (no CPE)range: < 1.11.5-3.3.1
- (no CPE)range: < 1.10.0-4.3.1
- (no CPE)range: < 1.11.5-3.3.1
- (no CPE)range: < 2.0.3-3.14.2
- (no CPE)range: < 2.9.2-150100.7.12.1
- (no CPE)range: < 3.3.2-150200.19.1
- (no CPE)range: < 3.3.2-150200.19.1
- (no CPE)range: < 3.3.2-150400.16.6.1
- (no CPE)range: < 3.3.2-150400.16.6.1
- (no CPE)range: < 3.3.2-150400.16.6.1
- (no CPE)range: < 3.3.2-150200.19.1
- (no CPE)range: < 2.8-7.40.1
- (no CPE)range: < 2.9.2-150100.7.12.1
- (no CPE)range: < 2.8-7.40.1
- (no CPE)range: < 2.9.2-150100.7.12.1
- (no CPE)range: < 2.0.3-3.14.2
- (no CPE)range: < 2.3.1-3.6.6
- (no CPE)range: < 2.0.3-3.14.2
- (no CPE)range: < 2.3.1-3.6.6
- (no CPE)range: < 5.1.1~dev7-12.44.1
- (no CPE)range: < 5.1.1~dev7-12.44.1
- (no CPE)range: < 5.0.2~dev3-12.47.1
- (no CPE)range: < 5.0.2~dev3-12.47.1
- (no CPE)range: < 7.0.1~dev24-3.41.2
- (no CPE)range: < 9.0.8~dev7-12.42.1
- (no CPE)range: < 9.0.8~dev7-12.42.1
- (no CPE)range: < 11.2.3~dev29-14.46.1
- (no CPE)range: < 11.2.3~dev29-14.46.1
- (no CPE)range: < 13.0.10~dev24-3.42.3
- (no CPE)range: < 5.0.3~dev7-12.43.1
- (no CPE)range: < 5.0.3~dev7-12.43.1
- (no CPE)range: < 7.0.2~dev2-3.39.2
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.40.1
- (no CPE)range: < 5.0.0.0~xrc2~dev2-10.40.1
- (no CPE)range: < 15.0.3~dev3-12.43.1
- (no CPE)range: < 15.0.3~dev3-12.43.1
- (no CPE)range: < 17.0.1~dev30-3.37.2
- (no CPE)range: < 9.0.8~dev22-12.49.1
- (no CPE)range: < 9.0.8~dev22-12.49.1
- (no CPE)range: < 11.0.4~dev4-3.41.2
- (no CPE)range: < 12.0.5~dev6-14.52.1
- (no CPE)range: < 14.1.1~dev11-4.47.2
- (no CPE)range: < 12.0.5~dev6-14.52.1
- (no CPE)range: < 9.1.8~dev8-12.45.1
- (no CPE)range: < 9.1.8~dev8-12.45.1
- (no CPE)range: < 11.1.5~dev18-4.37.2
- (no CPE)range: < 12.0.4~dev11-11.49.1
- (no CPE)range: < 12.0.4~dev11-11.49.1
- (no CPE)range: < 14.2.1~dev9-3.40.2
- (no CPE)range: < 5.0.2_5.0.2_5.0.2~dev31-11.44.1
- (no CPE)range: < 5.0.2_5.0.2_5.0.2~dev31-11.44.1
- (no CPE)range: < 7.2.1~dev1-4.39.3
- (no CPE)range: < 5.1.1~dev5-12.49.1
- (no CPE)range: < 5.1.1~dev5-12.49.1
- (no CPE)range: < 7.4.2~dev60-3.45.2
- (no CPE)range: < 1.5.1_1.5.1_1.5.1~dev3-8.40.1
- (no CPE)range: < 1.5.1_1.5.1_1.5.1~dev3-8.40.1
- (no CPE)range: < 1.8.2~dev3-3.39.2
- (no CPE)range: < 2.2.2~dev1-11.49.1
- (no CPE)range: < 2.2.2~dev1-11.49.1
- (no CPE)range: < 2.7.1~dev10-3.41.2
- (no CPE)range: < 4.0.2~dev3-12.42.1
- (no CPE)range: < 4.0.2~dev3-12.42.1
- (no CPE)range: < 11.0.9~dev69-13.50.1
- (no CPE)range: < 11.0.9~dev69-13.50.1
- (no CPE)range: < 13.0.8~dev209-6.47.2
- (no CPE)range: < 16.1.9~dev92-11.48.1
- (no CPE)range: < 16.1.9~dev92-11.48.1
- (no CPE)range: < 18.3.1~dev92-3.47.2
- (no CPE)range: < 1.0.6~dev3-12.45.1
- (no CPE)range: < 1.0.6~dev3-12.45.1
- (no CPE)range: < 3.2.3~dev7-4.39.2
- (no CPE)range: < 7.0.5~dev4-11.44.1
- (no CPE)range: < 7.0.5~dev4-11.44.1
- (no CPE)range: < 9.0.2~dev15-3.39.2
- (no CPE)range: < 2.15.2_2.15.2_2.15.2~dev32-11.35.1
- (no CPE)range: < 2.15.2_2.15.2_2.15.2~dev32-11.35.1
- (no CPE)range: < 2.19.2~dev48-2.34.2
- (no CPE)range: < 8.0.2~dev2-11.44.1
- (no CPE)range: < 8.0.2~dev2-11.44.1
- Range: >=1.8, < 39.0.1
Patches
Vulnerability mechanics
References
10- github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3nvdPatch
- github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6rnvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-w7pp-m8wf-vj6rghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-23931ghsaADVISORY
- github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4eghsaWEB
- github.com/pyca/cryptography/pull/8230ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yamlghsaWEB
- lists.debian.org/debian-lts-announce/2024/10/msg00012.htmlnvdWEB
- security.netapp.com/advisory/ntap-20230324-0007ghsaWEB
- security.netapp.com/advisory/ntap-20230324-0007/nvd
News mentions
0No linked articles in our index yet.