rpm package

suse/python-cryptography&distro=SUSE Linux Enterprise Real Time 15 SP3

pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP3

Vulnerabilities (3)

CVE	CVSS	Affected versions	Fixed in	Published	Description
CVE-2023-23931	—	< 3.3.2-150200.19.1	3.3.2-150200.19.1	Feb 7, 2023	cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable object
CVE-2020-36242	—	< 3.3.2-150200.16.1	3.3.2-150200.16.1	Feb 7, 2021	In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
CVE-2020-25659	—	< 3.3.2-150200.16.1	3.3.2-150200.16.1	Jan 11, 2021	python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

CVE-2023-23931Feb 7, 2023
affected < 3.3.2-150200.19.1fixed 3.3.2-150200.19.1
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable object
CVE-2020-36242Feb 7, 2021
affected < 3.3.2-150200.16.1fixed 3.3.2-150200.16.1
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
CVE-2020-25659Jan 11, 2021
affected < 3.3.2-150200.16.1fixed 3.3.2-150200.16.1
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.