rpm package
suse/python-cryptography&distro=SUSE Linux Enterprise Server 12 SP2-BCL
pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-36242 | — | < 2.1.4-7.34.1 | 2.1.4-7.34.1 | Feb 7, 2021 | In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. | ||
| CVE-2020-25659 | — | < 2.1.4-7.31.1 | 2.1.4-7.31.1 | Jan 11, 2021 | python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. | ||
| CVE-2018-1000808 | — | < 1.3.1-7.13.4 | 1.3.1-7.13.4 | Oct 8, 2018 | Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploit | ||
| CVE-2018-1000807 | — | < 1.3.1-7.13.4 | 1.3.1-7.13.4 | Oct 8, 2018 | Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitab | ||
| CVE-2018-10903 | — | < 2.1.4-7.28.2 | 2.1.4-7.28.2 | Jul 30, 2018 | A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shorte |
- CVE-2020-36242Feb 7, 2021affected < 2.1.4-7.34.1fixed 2.1.4-7.34.1
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
- CVE-2020-25659Jan 11, 2021affected < 2.1.4-7.31.1fixed 2.1.4-7.31.1
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
- CVE-2018-1000808Oct 8, 2018affected < 1.3.1-7.13.4fixed 1.3.1-7.13.4
Python Cryptographic Authority pyopenssl version Before 17.5.0 contains a CWE - 401 : Failure to Release Memory Before Removing Last Reference vulnerability in PKCS #12 Store that can result in Denial of service if memory runs low or is exhausted. This attack appear to be exploit
- CVE-2018-1000807Oct 8, 2018affected < 1.3.1-7.13.4fixed 1.3.1-7.13.4
Python Cryptographic Authority pyopenssl version prior to version 17.5.0 contains a CWE-416: Use After Free vulnerability in X509 object handling that can result in Use after free can lead to possible denial of service or remote code execution.. This attack appear to be exploitab
- CVE-2018-10903Jul 30, 2018affected < 2.1.4-7.28.2fixed 2.1.4-7.28.2
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shorte