A buffer-overflow flaw was found in the python-cryptography package. In certain sequences of update() calls when symmetrically encrypting very large payloads (>2GB) could result in an integer overflow, leading to buffer overflows. Note: This fix is a workaround for the OpenSSL CVE-2021-23840 flaw. Source: pyca/cryptography project

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

References

bugzilla.redhat.com/show_bug.cgi?id=1926226

cryptography.io/en/latest/changelog.html#v3-3-2

nvd.nist.gov/vuln/detail/CVE-2020-36242

www.cve.org/CVERecord?id=CVE-2020-36242

hackerone 1

fedora 1

veracode 2

nessus 83

osv 15

debiancve 2

cve 2

cbl_mariner 1

github 2

photon 8

alpinelinux 2

prion 2

suse 5

ibm 30

ubuntucve 2

mageia 2

archlinux 2

rustsec 1

f5 1

cloudlinux 1

githubexploit 1

openssl 1

redhatcve 1

almalinux 3

oraclelinux 6

redhat 4

rocky 3

altlinux 2

amazon 3

debian 4

cloudfoundry 1

centos 1

freebsd_advisory 1

ubuntu 1

ics 1

redos 1

hackerone

Internet Bug Bounty: Integer overflow in CipherUpdate

2021-02-27 21:14:37

fedora

[SECURITY] Fedora 33 Update: python-cryptography-3.2.1-2.fc33

2021-02-12 01:44:24

veracode

Denial Of Service (DoS)

2021-02-08 06:02:38

Denial Of Service (DoS)

2021-02-17 18:09:31

nessus

openSUSE Security Update : python-cryptography (openSUSE-2021-349)

2021-03-01 00:00:00

SUSE SLES12 Security Update : python-cryptography (SUSE-SU-2021:0675-1)

2021-03-03 00:00:00

EulerOS 2.0 SP9 : python-cryptography (EulerOS-SA-2021-2252)

2021-08-09 00:00:00

osv

PyCA Cryptography symmetrically encrypting large values can lead to integer overflow

2021-02-10 01:32:27

PYSEC-2021-63

2021-02-07 20:15:00

CVE-2020-36242

2021-02-07 20:15:12

debiancve

CVE-2020-36242

2021-02-07 20:15:00

CVE-2021-23840

2021-02-16 17:15:00

cve

CVE-2020-36242

2021-02-07 20:15:00

CVE-2021-23840

2021-02-16 17:15:00

cbl_mariner

CVE-2020-36242 affecting package python-cryptography 2.3.1-4

2021-03-03 03:44:07

github

PyCA Cryptography symmetrically encrypting large values can lead to integer overflow

2021-02-10 01:32:27

Integer Overflow in openssl-src

2021-08-25 20:52:19

photon

Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0400

2021-06-08 00:00:00

Critical Photon OS Security Update - PHSA-2021-0027

2021-05-18 00:00:00

Critical Photon OS Security Update - PHSA-2021-0400

2021-06-08 00:00:00

alpinelinux

CVE-2020-36242

2021-02-07 20:15:00

CVE-2021-23840

2021-02-16 17:15:00

prion

Integer overflow

2021-02-07 20:15:00

Design/Logic Flaw

2021-02-16 17:15:00

suse

Security update for python-cryptography (important)

2021-02-26 00:00:00

Security update for openssl-1_0_0 (moderate)

2021-03-17 00:00:00

Security update for openssl-1_1 (moderate)

2021-03-16 00:00:00

ibm

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Python cryptography

2021-10-01 06:20:42

Security Bulletin: IBM DataPower Gateway vulnerable to a DoS

2021-08-16 15:33:37

Security Bulletin: IBM MQ is vulnerable to an issue within OpenSSL (CVE-2021-23840)

2021-06-22 17:33:28

ubuntucve

CVE-2020-36242

2021-02-07 00:00:00

CVE-2021-23840

2021-02-16 00:00:00

mageia

Updated python-cryptography package fixes a security vulnerability

2021-03-12 04:25:47

Updated openssl and compat-openssl10 packages fix security vulnerabilities

2021-03-04 19:53:32

archlinux

[ASA-202102-36] python-cryptography: incorrect calculation

2021-02-27 00:00:00

[ASA-202102-42] openssl: multiple issues

2021-02-27 00:00:00

rustsec

Integer overflow in CipherUpdate

2021-05-01 12:00:00

K24624116 : OpenSSL vulnerability CVE-2021-23840

2021-02-18 00:00:00

cloudlinux

Fix of CVE: CVE-2021-23840

2021-09-21 22:03:05

githubexploit

Exploit for Integer Overflow or Wraparound in Openssl

2023-09-11 09:24:54

openssl

Vulnerability in OpenSSL CVE-2021-23840

2021-02-16 00:00:00

redhatcve

CVE-2021-23840

2021-02-18 17:04:10

almalinux

Moderate: python-cryptography security, bug fix, and enhancement update

2021-05-18 05:38:36

Moderate: openssl security and bug fix update

2021-11-09 09:21:13

Moderate: edk2 security, bug fix, and enhancement update

2021-11-09 08:37:02

oraclelinux

python-cryptography security, bug fix, and enhancement update

2021-05-25 00:00:00

openssl security and bug fix update

2021-11-16 00:00:00

openssl security update

2021-10-13 00:00:00

redhat

(RHSA-2021:1608) Moderate: python-cryptography security, bug fix, and enhancement update

2021-05-18 05:38:36

(RHSA-2021:4424) Moderate: openssl security and bug fix update

2021-11-09 09:21:13

(RHSA-2021:3798) Moderate: openssl security update

2021-10-12 13:20:50

rocky

python-cryptography security, bug fix, and enhancement update

2021-05-18 05:38:36

edk2 security, bug fix, and enhancement update

2021-11-09 08:37:02

openssl security and bug fix update

2021-11-09 09:21:13

altlinux

Security fix for the ALT Linux 9 package openssl1.1 version 1.1.1j-alt1

2021-03-17 00:00:00

Security fix for the ALT Linux 10 package openssl1.1 version 1.1.1j-alt1

2021-03-12 00:00:00

amazon

Medium: openssl

2021-02-23 20:18:00

Medium: openssl11

2021-03-18 01:40:00

Medium: openssl

2021-02-19 01:21:00

debian

[SECURITY] [DLA 2565-1] openssl1.0 security update

2021-02-18 18:10:13

[SECURITY] [DLA 2563-1] openssl security update

2021-02-18 12:11:49

[SECURITY] [DSA 4855-1] openssl security update

2021-02-17 13:40:59

cloudfoundry

USN-4738-1: OpenSSL vulnerabilities | Cloud Foundry

2021-03-02 00:00:00

centos

openssl security update

2021-11-17 14:51:29

freebsd_advisory

FreeBSD-SA-21:17.openssl

2021-08-24 00:00:00

ubuntu

OpenSSL vulnerabilities

2021-02-18 00:00:00

ics

Mitsubishi Electric MELSOFT GT OPC UA

2022-05-10 12:00:00

redos

ROS-20230620-06

2023-06-20 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

6.4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:N/A:P

0.008 Low

EPSS

Percentile

82.0%

JSON

Related for RH:CVE-2020-36242