VYPR
Moderate severityNVD Advisory· Published Nov 29, 2023· Updated Dec 18, 2025

cryptography vulnerable to NULL-dereference when loading PKCS7 certificates

CVE-2023-49083

Description

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_pem_pkcs7_certificates or load_der_pkcs7_certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
cryptographyPyPI
>= 3.1, < 41.0.641.0.6

Affected products

27

Patches

Vulnerability mechanics

References

10

News mentions

0

No linked articles in our index yet.