rpm package

suse/python-cryptography&distro=SUSE Linux Enterprise High Performance Computing 15 SP2-LTSS

pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSS

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2020-36242	—	< 3.3.2-150200.16.1	3.3.2-150200.16.1	Feb 7, 2021	In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
CVE-2020-25659	—	< 3.3.2-150200.16.1	3.3.2-150200.16.1	Jan 11, 2021	python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
CVE-2018-10903	—	< 2.9.2-150200.13.1	2.9.2-150200.13.1	Jul 30, 2018	A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shorte

CVE-2020-36242Feb 7, 2021
affected < 3.3.2-150200.16.1fixed 3.3.2-150200.16.1
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
CVE-2020-25659Jan 11, 2021
affected < 3.3.2-150200.16.1fixed 3.3.2-150200.16.1
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
CVE-2018-10903Jul 30, 2018
affected < 2.9.2-150200.13.1fixed 2.9.2-150200.13.1
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shorte