CVE-2017-1000246

Опубликовано: 17 нояб. 2017

Источник: debian

EPSS Низкий

Описание

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
python-pysaml2	fixed	4.5.0-4		package
python-pysaml2	no-dsa		stretch	package
python-pysaml2	no-dsa		jessie	package

Примечания

https://github.com/rohe/pysaml2/issues/417
https://github.com/c00kiemon5ter/pysaml2/commit/7323f5c20efb59424d853c822e7a26d1aa3e84aa

EPSS

Процентиль: 32%

0.00122

Низкий

Связанные уязвимости

CVE-2017-1000246

CVSS3: 5.3

ubuntu

около 8 лет назад

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

CVE-2017-1000246

CVSS3: 5.3

redhat

больше 8 лет назад

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

CVE-2017-1000246

CVSS3: 5.3

nvd

около 8 лет назад

Python package pysaml2 version 4.4.0 and earlier reuses the initialization vector across encryptions in the IDP server, resulting in weak encryption of data.

GHSA-cq94-qf6q-mf2h

CVSS3: 5.3

github

больше 7 лет назад

Pysaml2 improperly initializes encryption vector

EPSS

Процентиль: 32%

0.00122

Низкий