CVE-2016-9243

Опубликовано: 27 мар. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.

Ссылки

http://www.openwall.com/lists/oss-security/2016/11/09/2
Mailing List
Patch
VDB Entry
http://www.securityfocus.com/bid/94216
Broken Link
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-3138-1
Third Party Advisory
https://cryptography.io/en/latest/changelog
Release Notes
Third Party Advisory
https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
Patch
Third Party Advisory
https://github.com/pyca/cryptography/issues/3211
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/11/09/2
Mailing List
Patch
VDB Entry
http://www.securityfocus.com/bid/94216
Broken Link
Third Party Advisory
VDB Entry
http://www.ubuntu.com/usn/USN-3138-1
Third Party Advisory
https://cryptography.io/en/latest/changelog
Release Notes
Third Party Advisory
https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874
Patch
Third Party Advisory
https://github.com/pyca/cryptography/issues/3211
Issue Tracking
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/
Mailing List
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*

Версия до 1.5.2 (включая)

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*

Конфигурация 3

Одно из

cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*

cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*

EPSS

Процентиль: 82%

0.0165

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2016-9243

CVSS3: 7.5

ubuntu

почти 9 лет назад

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.

CVE-2016-9243

CVSS3: 4.8

redhat

больше 9 лет назад

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.

CVE-2016-9243

CVSS3: 7.5

debian

почти 9 лет назад

HKDF in cryptography before 1.5.2 returns an empty byte-string if used ...

GHSA-q3cj-2r34-2cwc

CVSS3: 7.5

github

больше 3 лет назад

Improper input validation in cryptography

EPSS

Процентиль: 82%

0.0165

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo