Описание
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | not-affected | 2.1.4-1ubuntu1.4 |
| devel | released | 3.3.2-1 |
| esm-infra-legacy/trusty | DNE | |
| esm-infra/bionic | not-affected | 2.1.4-1ubuntu1.4 |
| esm-infra/focal | not-affected | 2.8-3ubuntu0.1 |
| esm-infra/xenial | not-affected | 1.2.3-1ubuntu0.3 |
| focal | not-affected | 2.8-3ubuntu0.1 |
| groovy | not-affected | 3.0-1ubuntu0.1 |
| precise/esm | DNE | |
| trusty | ignored | end of standard support |
Показывать по
6.4 Medium
CVSS2
9.1 Critical
CVSS3
Связанные уязвимости
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
In the cryptography package before 3.3.2 for Python, certain sequences ...
6.4 Medium
CVSS2
9.1 Critical
CVSS3