rpm package
suse/python-cryptography&distro=SUSE Linux Enterprise Module for Python 3 15 SP6
pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP6
Vulnerabilities (2)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-3416 | Low | 3.7 | < 41.0.3-150600.23.6.1 | 41.0.3-150600.23.6.1 | Apr 8, 2025 | A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string. | |
| CVE-2024-26130 | — | < 41.0.3-150600.23.3.1 | 41.0.3-150600.23.3.1 | Feb 21, 2024 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided |
- affected < 41.0.3-150600.23.6.1fixed 41.0.3-150600.23.6.1
A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.
- CVE-2024-26130Feb 21, 2024affected < 41.0.3-150600.23.3.1fixed 41.0.3-150600.23.3.1
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided