AlmaLinux 9 : python3.12-cryptography (ALSA-2025:15608)

The remote AlmaLinux 9 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2025:15608 advisory. python-cryptography: NULL pointer dereference with pkcs12.serializekeyandcertificates when called with a non-matching certificate and private key and an hmachash...

The vulnerability of the `pkcs12.serialize_key_and_certificates` function in the Python programming language’s cryptography package allows a malicious actor to cause a Python program to crash.

The vulnerability of the pkcs12.serializekeyandcertificates function in the Python programming language’s cryptography package is related to the use of a NULL pointer. Exploiting this vulnerability could allow an attacker to cause a crash in a Python process remotely...

cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override

If pkcs12.serializekeyandcertificates is called with both: 1. A certificate whose public key did not match the provided private key 2. An encryptionalgorithm with hmachash set via PrivateFormat.PKCS12.encryptionbuilder.hmachash... Then a NULL pointer dereference would occur, crashing the Python...