Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

rocky логотип

RLSA-2024:3105

Опубликовано: 07 мая 2025
Источник: rocky
Оценка: Moderate

Описание

Moderate: python3.11-cryptography security update

The python-cryptography packages contain a Python Cryptographic Authority's (PyCA's) cryptography library, which provides cryptographic primitives and recipes to Python developers.

Security Fix(es):

  • python-cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Rocky Linux 8.10 Release Notes linked from the References section.

Затронутые продукты

  • Rocky Linux 8

НаименованиеАрхитектураРелизRPM
python3.11-cryptographyx86_646.el8python3.11-cryptography-37.0.2-6.el8.x86_64.rpm

Показывать по

Связанные CVE

CVE-2023-49083

Ссылки на источники

Исправления

Связанные уязвимости

ubuntu логотип

CVE-2023-49083

CVSS3: 5.9
ubuntu
больше 1 года назад

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

redhat логотип

CVE-2023-49083

CVSS3: 7.5
redhat
больше 1 года назад

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

nvd логотип

CVE-2023-49083

CVSS3: 5.9
nvd
больше 1 года назад

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

msrc логотип

CVE-2023-49083

CVSS3: 7.5
msrc
больше 1 года назад

Описание отсутствует

debian логотип

CVE-2023-49083

CVSS3: 5.9
debian
больше 1 года назад

cryptography is a package designed to expose cryptographic primitives ...