593 matches found
Ubuntu 16.04 LTS : python-cryptography vulnerability (USN-6673-2)
The remote Ubuntu 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6673-2 advisory. USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 16.04 LTS. Tenable has extracted the...
python-cryptography bug fix update
An update is available for python-cryptography. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The python-cryptography packages contain a Python Cryptographic...
SUSE CVE-2024-28102
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...
Huawei EulerOS: Security Advisory for python-cryptography (EulerOS-SA-2024-1293)
The remote host is missing an update for the Huawei EulerOS...
EulerOS 2.0 SP8 : python-cryptography (EulerOS-SA-2024-1293)
According to the versions of the python-cryptography packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions...
CVE-2024-28102
Summary: CVE-2024-28102 affects the Python JWCrypto/JWCrypto implementation. Before 1.5.6, processing a malicious JWE token with a high compression ratio can cause a DoS by consuming excessive memory and CPU time; the vulnerability stems from the token deserialization path. Affected component: py...
CVE-2024-28102
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...
CVE-2024-28102 JWCrypto vulnerable to JWT bomb Attack in `deserialize` function
JWCrypto implements JWK, JWS, and JWE specifications using python-cryptography. Prior to version 1.5.6, an attacker can cause a denial of service attack by passing in a malicious JWE Token with a high compression ratio. When the server processes this token, it will consume a lot of memory and...
SUSE-SU-2024:0763-1 Security update for python-cryptography
This update for python-cryptography fixes the following issues: - CVE-2024-26130: Fixed NULL pointer dereference in pkcs12.serialize_key_and_certificates (bsc#1220210)...
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 : python-cryptography vulnerabilities (USN-6673-1)
The remote Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS / 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6673-1 advisory. Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing...
Ubuntu: Security Advisory (USN-6673-1)
The remote host is missing an update for the...
USN-6673-1: python-cryptography vulnerabilities
Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. (CVE-2023-50782) It was discovered that...
USN-6673-1 python-cryptography vulnerabilities
Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. (CVE-2023-50782) It was discovered that...
CentOS 9 : python-cryptography-36.0.1-3.el9
The remote CentOS Linux 9 host has a package installed that is affected by a vulnerability as referenced in the python-cryptography-36.0.1-3.el9 build changelog. - Don't allow update_into to mutate immutable objects, resolves rhbz#2172399 (CVE-2023-23931) Note that Nessus has not tested for this iss...
OESA-2024-1195 python-jwcrypto security update
Implements JWK, JWS, JWE specifications with python-cryptography. Security Fixes: A vulnerability was found in JWCrypto. This flaw allows an attacker to cause a denial of service (DoS) attack and possible password brute-force and dictionary attacks to be more resource-intensive. This issue can resul...
python-cryptography Security Vulnerabilities
python-cryptography is a Python code library for cryptographic applications from the Cryptographic team. A security vulnerability exists in python-cryptography version 38.0.0 through versions prior to 42.0.4, which stems from a NULL pointer dereference that can cause a Python process to crash...
Fedora 39 : python-cryptography (2024-91f5df4002)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-91f5df4002 advisory. Security fix for CVE-2023-49083. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
Fedora: Security Advisory (FEDORA-2024-91f5df4002)
The remote host is missing an update for the...