593 matches found
PYSEC-2018-52
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
DEBIAN-CVE-2018-10903
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
CVE-2018-10903
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
CVE-2018-10903
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
CVE-2018-10903
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
Ubuntu 18.04 LTS : python-cryptography vulnerability (USN-3720-1)
The remote Ubuntu 18.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3720-1 advisory. It was discovered that python-cryptography incorrectly handled certain inputs. An attacker could possibly use this to get access to sensitive information. Tenable...
USN-3720-1: python-cryptography vulnerability
It was discovered that python-cryptography incorrectly handled certain inputs. An attacker could possibly use this to get access to sensitive information...
USN-3720-1 python-cryptography vulnerability
It was discovered that python-cryptography incorrectly handled certain inputs. An attacker could possibly use this to get access to sensitive information...
[SECURITY] Fedora 28 Update: python-cryptography-vectors-2.3-1.fc28
Test vectors for the cryptography package. The only purpose of this package is to be a building requirement for python-cryptography, otherwise it has no use. Don=EF=BF=BD=EF=BF=BD=EF=BF =BDt install it unless you really know what you are doing...
Fedora Update for python-cryptography FEDORA-2018-a9fe5e183e
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora Update for python-cryptography-vectors FEDORA-2018-a9fe5e183e
The remote host is missing an update for the SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Information Disclosure
python-cryptography is vulnerable to a key leakage. A lack of input validation on the finalizewithtag API allows an attacker to forge a GCM tag by crafting an invalid payload with a shortened tag to bypass the MAC check in a 1 in 256 chance, resulting in a possible key leakage...
PT-2018-10171 · Python +2 · Python-Cryptography +2
Name of the Vulnerable Software and Affected Versions: python-cryptography versions 1.9.0 through 2.3 Description: A flaw was found in the finalize with tag API, which did not enforce a minimum tag length. This allows an attacker to craft an invalid payload with a shortened tag, potentially leadi...
CVE-2018-10903
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
UBUNTU-CVE-2018-10903
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
CVE-2018-10903
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
USN-3199-3: Python Crypto vulnerability
USN-3199-1 fixed a vulnerability in Python Crypto. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: It was discovered that the ALGnew function in blocktemplace.c in the Python Cryptography Toolkit contained a heap-based buffer overflow vulnerability. ...
Ubuntu 14.04 LTS / 16.04 LTS : Python Crypto regression (USN-3199-2)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3199-2 advisory. USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python...
USN-3199-2: Python Crypto regression
USN-3199-1 fixed a vulnerability in the Python Cryptography Toolkit. Unfortunately, various programs depended on the original behavior of the Python Cryptography Toolkit which was altered when fixing the vulnerability. This update retains the fix for the vulnerability but issues a warning rather...
PYSEC-2017-94
Heap-based buffer overflow in the ALGnew function in blocktemplace.c in Python Cryptography Toolkit aka pycrypto allows remote attackers to execute arbitrary code as demonstrated by a crafted iv parameter to cryptmsg.py...