High severityNVD Advisory· Published Nov 16, 2023· Updated Jan 7, 2025
CVE-2023-48056
CVE-2023-48056
Description
PyPinkSign v0.5.1 uses a non-random or static IV for Cipher Block Chaining (CBC) mode in AES encryption. This vulnerability can lead to the disclosure of information and communications.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
pypinksignPyPI | <= 0.5.1 | — |
Affected products
2- PyPinkSign/PyPinkSigndescription
Patches
Vulnerability mechanics
References
10- github.com/advisories/GHSA-fxff-wxxv-c2jcghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-48056ghsaADVISORY
- github.com/bandoche/PyPinkSign/blob/main/pypinksign/pypinksign.pyghsaWEB
- github.com/bandoche/PyPinkSign/blob/main/pypinksign/pypinksign.pyghsaWEB
- github.com/bandoche/PyPinkSign/commit/e1809ddf6a266e9007e10f0486b462fa7f89a43dghsaWEB
- github.com/bandoche/PyPinkSign/issues/29ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/pypinksign/PYSEC-2023-245.yamlghsaWEB
- gxx777.github.io/PyPinkSign_v0.5.1_Cryptographic_API_Misuse_Vulnerability.mdghsaWEB
- bandoche.commitre
- pypinksign.commitre
News mentions
0No linked articles in our index yet.