CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
82.3%
Severity: Medium
Date : 2021-02-27
CVE-ID : CVE-2020-36242
Package : python-cryptography
Type : incorrect calculation
Remote : No
Link : https://security.archlinux.org/AVG-1541
The package python-cryptography before version 3.4-1 is vulnerable to
incorrect calculation.
Upgrade to 3.4-1.
The problem has been fixed upstream in version 3.4.
None.
In python-cryptography before version 3.3.2, certain sequences of
update calls to symmetrically encrypt multiple gigabytes of data could
result in an integer overflow, leading to mishandling of buffers.
Unintentional use of the API could lead to buffer mishandling, causing
application crashes or incorrectly encrypted data.
https://github.com/pyca/cryptography/security/advisories/GHSA-rhm9-p9w5-fwm7
https://github.com/pyca/cryptography/issues/5615
https://github.com/pyca/cryptography/pull/5747
https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae
https://security.archlinux.org/CVE-2020-36242
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ArchLinux | any | any | python-cryptography | < 3.4-1 | UNKNOWN |
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:N/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS
Percentile
82.3%