Medium severity5.9NVD Advisory· Published Nov 29, 2023· Updated Jun 17, 2026
CVE-2023-49083
CVE-2023-49083
Description
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_pem_pkcs7_certificates or load_der_pkcs7_certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
cryptographyPyPI | >= 3.1, < 41.0.6 | 41.0.6 |
Affected products
27- osv-coords26 versionspkg:apk/chainguard/mitmproxypkg:apk/chainguard/py3-cassandra-medusapkg:apk/chainguard/py3-cassandra-medusa-compatpkg:apk/wolfi/mitmproxypkg:apk/wolfi/py3-cassandra-medusapkg:apk/wolfi/py3-cassandra-medusa-compatpkg:pypi/cryptographypkg:rpm/almalinux/python3.11-cryptographypkg:rpm/almalinux/python3-cryptographypkg:rpm/opensuse/python3-cryptography&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/python3-cryptography&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/python3-cryptography&distro=openSUSE%20Leap%20Micro%205.3pkg:rpm/opensuse/python3-cryptography&distro=openSUSE%20Leap%20Micro%205.4pkg:rpm/opensuse/python-cryptography&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/python-cryptography&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/python-cryptography&distro=openSUSE%20Tumbleweedpkg:rpm/suse/python3-cryptography&distro=SUSE%20Linux%20Enterprise%20Micro%205.3pkg:rpm/suse/python3-cryptography&distro=SUSE%20Linux%20Enterprise%20Micro%205.4pkg:rpm/suse/python3-cryptography&distro=SUSE%20Linux%20Enterprise%20Micro%205.5pkg:rpm/suse/python3-cryptography&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4pkg:rpm/suse/python3-cryptography&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP5pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Micro%205.1pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Micro%205.2pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2015%20SP1pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP4pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP5
< 12.2.1-r0+ 25 more
- (no CPE)range: < 12.2.1-r0
- (no CPE)range: < 0.19.1-r1
- (no CPE)range: < 0.19.1-r1
- (no CPE)range: < 12.2.1-r0
- (no CPE)range: < 0.19.1-r1
- (no CPE)range: < 0.19.1-r1
- (no CPE)range: >= 3.1, < 41.0.6
- (no CPE)range: < 37.0.2-6.el9
- (no CPE)range: < 3.2.1-8.el8_10
- (no CPE)range: < 3.3.2-150400.23.1
- (no CPE)range: < 3.3.2-150400.23.1
- (no CPE)range: < 3.3.2-150400.23.1
- (no CPE)range: < 3.3.2-150400.23.1
- (no CPE)range: < 41.0.3-150400.16.12.1
- (no CPE)range: < 41.0.3-150400.16.12.1
- (no CPE)range: < 41.0.7-1.1
- (no CPE)range: < 3.3.2-150400.23.1
- (no CPE)range: < 3.3.2-150400.23.1
- (no CPE)range: < 3.3.2-150400.23.1
- (no CPE)range: < 3.3.2-150400.23.1
- (no CPE)range: < 3.3.2-150400.23.1
- (no CPE)range: < 3.3.2-150200.22.1
- (no CPE)range: < 3.3.2-150200.22.1
- (no CPE)range: < 3.3.2-150100.7.18.1
- (no CPE)range: < 41.0.3-150400.16.12.1
- (no CPE)range: < 41.0.3-150400.16.12.1
- Range: >= 3.1, < 41.0.6
Patches
Vulnerability mechanics
References
10- github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48anvdPatchWEB
- github.com/pyca/cryptography/pull/9926nvdIssue TrackingPatchWEB
- github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97nvdExploitVendor AdvisoryWEB
- github.com/advisories/GHSA-jfhm-5ghh-2f97ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2023-49083ghsaADVISORY
- www.openwall.com/lists/oss-security/2023/11/29/2ghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-254.yamlghsaWEB
- lists.debian.org/debian-lts-announce/2024/10/msg00012.htmlnvdWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXVghsaWEB
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/nvd
News mentions
0No linked articles in our index yet.