4 matches found
SUSE CVE-2018-10903
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
PYSEC-2018-52
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
DEBIAN-CVE-2018-10903
A flaw was found in python-cryptography versions between =1.9.0 and 2.3. The finalizewithtag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalizewithtag an attacker could craft an invalid payload with a shortened tag e.g. 1 byte suc...
PT-2018-10171 · Python +2 · Python-Cryptography +2
Name of the Vulnerable Software and Affected Versions: python-cryptography versions 1.9.0 through 2.3 Description: A flaw was found in the finalize with tag API, which did not enforce a minimum tag length. This allows an attacker to craft an invalid payload with a shortened tag, potentially leadi...