VYPR

rpm package

suse/python-cryptography&distro=SUSE Linux Enterprise Server for SAP Applications 15 SP3

pkg:rpm/suse/python-cryptography&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP3

Vulnerabilities (2)

  • CVE-2020-36242CriFeb 7, 2021
    affected < 3.3.2-150200.16.1fixed 3.3.2-150200.16.1

    In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.

  • CVE-2020-25659MedJan 11, 2021
    affected < 3.3.2-150200.16.1fixed 3.3.2-150200.16.1

    python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.