CVE-2023-38325

Опубликовано: 14 июл. 2023

Источник: debian

EPSS Низкий

Описание

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

Пакет	Статус	Версия исправления	Релиз	Тип
python-cryptography	not-affected			package

https://github.com/pyca/cryptography/issues/9207
https://github.com/pyca/cryptography/pull/9208
Introduced after: https://github.com/pyca/cryptography/commit/aca8de845e751dd45fe4e48f8492f357d34d1861 (40.0.0)
Fixed by: https://github.com/pyca/cryptography/commit/1ca7adc97b76a9dfbd3d850628b613eb93b78fc3 (main)
Fixed by: https://github.com/pyca/cryptography/commit/e190ef190525999d1f599cf8c3aef5cb7f3a8bc4 (41.0.2)

EPSS

Процентиль: 71%

0.00706

Низкий

CVE-2023-38325

CVSS3: 7.5

ubuntu

почти 2 года назад

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

CVE-2023-38325

CVSS3: 7.5

redhat

почти 2 года назад

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

CVE-2023-38325

CVSS3: 7.5

nvd

почти 2 года назад

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

CVE-2023-38325

CVSS3: 7.5

msrc

12 месяцев назад

Описание отсутствует

GHSA-cf7p-gm2m-833m

CVSS3: 7.5

github

почти 2 года назад

cryptography mishandles SSH certificates

EPSS

Процентиль: 71%

0.00706

Низкий