JWCrypto: python-cryptography: python: JWCrypto: Memory exhaustion via crafted compressed JWE tokens

A flaw was found in JWCrypto, a Python library for JSON Web Key JWK, JSON Web Signature JWS, and JSON Web Encryption JWE specifications. An unauthenticated attacker can exploit this vulnerability by sending specially crafted JWE tokens that use ZIP compression. While the input token size is...

cryptography 安全漏洞

cryptography is a Python cryptographic authority open-source library. Versions of cryptography from 45.0.0 to 46.0.7 had security vulnerabilities; these vulnerabilities stemmed from improper buffer handling, which could lead to buffer overflows...

OESA-2026-1672 python-cryptography security update

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Security Fixes: This vulnerability exists in the pyca cryptography library due to missing subgroup validation for SECT curves. An attacker could exploit this to perform subgroup attacks,...

Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659

...

PYSEC-2020-99

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior such as by...