Описание
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python-cryptography | fixed | 1.5.3-1 | package | |
| python-cryptography | fixed | 0.6.1-1+deb8u1 | jessie | package |
Примечания
Upstream bug: https://github.com/pyca/cryptography/issues/3211
Upstream commit: https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
https://www.openwall.com/lists/oss-security/2016/11/08/6
Связанные уязвимости
CVSS3: 7.5
ubuntu
почти 9 лет назад
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
CVSS3: 4.8
redhat
больше 9 лет назад
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
CVSS3: 7.5
nvd
почти 9 лет назад
HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
