Описание
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| python-cryptography | fixed | 46.0.7-1 | package | |
| python-cryptography | not-affected | trixie | package | |
| python-cryptography | not-affected | bookworm | package | |
| python-cryptography | not-affected | bullseye | package |
Примечания
https://github.com/pyca/cryptography/security/advisories/GHSA-p423-j2cm-9vmq
Introduced with: https://github.com/pyca/cryptography/commit/6801b2eb6554abfcb8e4bb48e97a01cdb6f69798 (45.0.0)
Fixed by: https://github.com/pyca/cryptography/commit/c09d38ae52de7d95fe683b7a7c496f5751616f27 (main)
Fixed by: https://github.com/pyca/cryptography/commit/622d672e429a7cff836a23c5903683dbec1901f5 (46.0.7)
EPSS
Связанные уязвимости
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. From 45.0.0 to before 46.0.7, if a non-contiguous buffer was passed to APIs which accepted Python buffers (e.g. Hash.update()), this could lead to buffer overflows. This vulnerability is fixed in 46.0.7.
Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs
EPSS