Описание
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if pkcs12.serialize_key_and_certificates is called with both a certificate whose public key did not match the provided private key and an encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...), then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a ValueError is properly raised.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | released | 42.0.5-2 |
| esm-infra/bionic | not-affected | 2.1.4-1ubuntu1.4 |
| esm-infra/focal | not-affected | 2.8-3ubuntu0.2 |
| esm-infra/xenial | not-affected | 1.2.3-1ubuntu0.3 |
| focal | not-affected | 2.8-3ubuntu0.2 |
| jammy | not-affected | 3.4.8-1ubuntu2.1 |
| mantic | released | 38.0.4-4ubuntu0.23.10.2 |
| noble | released | 41.0.7-4ubuntu0.1 |
| trusty | DNE |
Показывать по
7.5 High
CVSS3
Связанные уязвимости
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
cryptography is a package designed to expose cryptographic primitives ...
7.5 High
CVSS3