Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2023-38325

Опубликовано: 15 июл. 2023
Источник: redhat
CVSS3: 7.5
EPSS Низкий

Описание

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

Отчет

OpenSSH certificate parsing was introduced in python-cryptography v40.0.0 and fixed in upstream release v41.0.2. Since, Red Hat Enterprise Linux - 7, 8, 9 ships lower versions of python-cryptography (releases < v40.0.0), those are not affected by this CVE.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Ansible Automation Platform 1.2ansible-towerNot affected
Red Hat Ansible Automation Platform 2ansible-lintNot affected
Red Hat Ansible Automation Platform 2ansible-navigatorNot affected
Red Hat Ansible Automation Platform 2automation-controllerNot affected
Red Hat Ansible Automation Platform 2python3x-ansible-compatNot affected
Red Hat Ansible Automation Platform 2python3x-cryptographyNot affected
Red Hat Ansible Automation Platform 2python-ansible-compatNot affected
Red Hat Ansible Automation Platform 2python-cryptographyNot affected
Red Hat Certification for Red Hat Enterprise Linux 6redhat-certification-backendNot affected
Red Hat Certification for Red Hat Enterprise Linux 8redhat-certification-baremetal-containerNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-295
https://bugzilla.redhat.com/show_bug.cgi?id=2231271python-cryptography: SSH certificate encoding/parsing incompatibility with OpenSSH

EPSS

Процентиль: 71%
0.00706
Низкий

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2023-38325

CVSS3: 7.5
ubuntu
почти 2 года назад

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

nvd логотип

CVE-2023-38325

CVSS3: 7.5
nvd
почти 2 года назад

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

msrc логотип

CVE-2023-38325

CVSS3: 7.5
msrc
12 месяцев назад

Описание отсутствует

debian логотип

CVE-2023-38325

CVSS3: 7.5
debian
почти 2 года назад

The cryptography package before 41.0.2 for Python mishandles SSH certi ...

github логотип

GHSA-cf7p-gm2m-833m

CVSS3: 7.5
github
почти 2 года назад

cryptography mishandles SSH certificates

EPSS

Процентиль: 71%
0.00706
Низкий

7.5 High

CVSS3