High severity7.5NVD Advisory· Published Jul 14, 2023· Updated Jun 17, 2026
CVE-2023-38325
CVE-2023-38325
Description
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cryptographyPyPI | >= 40.0.0, < 41.0.2 | 41.0.2 |
Affected products
23- Python/cryptographydescription
- osv-coords22 versionspkg:apk/chainguard/condapkg:apk/chainguard/conda-initpkg:apk/chainguard/conda-wrapperpkg:apk/chainguard/py3.10-condapkg:apk/chainguard/py3.10-conda-binpkg:apk/chainguard/py3.11-condapkg:apk/chainguard/py3.11-conda-binpkg:apk/chainguard/py3.12-condapkg:apk/chainguard/py3.12-conda-binpkg:apk/chainguard/py3-supported-condapkg:apk/wolfi/condapkg:apk/wolfi/conda-initpkg:apk/wolfi/conda-wrapperpkg:apk/wolfi/py3.10-condapkg:apk/wolfi/py3.10-conda-binpkg:apk/wolfi/py3.11-condapkg:apk/wolfi/py3.11-conda-binpkg:apk/wolfi/py3.12-condapkg:apk/wolfi/py3.12-conda-binpkg:apk/wolfi/py3-supported-condapkg:pypi/cryptographypkg:rpm/opensuse/python-cryptography&distro=openSUSE%20Tumbleweed
< 23.7.2-r1+ 21 more
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: < 23.7.2-r1
- (no CPE)range: >= 40.0.0, < 41.0.2
- (no CPE)range: < 41.0.2-2.1
Patches
Vulnerability mechanics
References
14- github.com/pyca/cryptography/compare/41.0.1...41.0.2nvdPatchWEB
- github.com/pyca/cryptography/pull/9208nvdPatchVendor AdvisoryWEB
- github.com/pyca/cryptography/issues/9207nvdExploitIssue TrackingPatchVendor AdvisoryWEB
- github.com/advisories/GHSA-cf7p-gm2m-833mghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-38325ghsaADVISORY
- github.com/pyca/cryptography/commit/1ca7adc97b76a9dfbd3d850628b613eb93b78fc3ghsaWEB
- github.com/pyca/cryptography/pull/7960ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-112.yamlghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZKghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZKghsaWEB
- pypi.org/project/cryptography/nvdRelease NotesWEB
- security.netapp.com/advisory/ntap-20230824-0010ghsaWEB
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK/nvd
- security.netapp.com/advisory/ntap-20230824-0010/nvd
News mentions
0No linked articles in our index yet.