12 matches found
Cipher.update_into can corrupt memory in pyca cryptography
...
python-cryptography: memory corruption via immutable objects
A vulnerability was found in python-cryptography. In affected versions, Cipher.updateinto would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects such as bytes to be mutated, thus violating the fundamental rules of...
Medium: python-cryptography
Issue Overview: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects su...
python-cryptography: memory corruption via immutable objects
A vulnerability was found in python-cryptography. In affected versions, Cipher.updateinto would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects such as bytes to be mutated, thus violating the fundamental rules of...
python-cryptography: memory corruption via immutable objects
A vulnerability was found in python-cryptography. In affected versions, Cipher.updateinto would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects such as bytes to be mutated, thus violating the fundamental rules of...
python-cryptography: memory corruption via immutable objects
A vulnerability was found in python-cryptography. In affected versions, Cipher.updateinto would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects such as bytes to be mutated, thus violating the fundamental rules of...
python-cryptography: memory corruption via immutable objects
A vulnerability was found in python-cryptography. In affected versions, Cipher.updateinto would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects such as bytes to be mutated, thus violating the fundamental rules of...
python-cryptography: memory corruption via immutable objects
A vulnerability was found in python-cryptography. In affected versions, Cipher.updateinto would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects such as bytes to be mutated, thus violating the fundamental rules of...
UBUNTU-CVE-2023-23931
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...
PYSEC-2023-11
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects such as bytes to b...
GHSA-W7PP-M8WF-VJ6R Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
Previously, Cipher.updateinto would accept Python objects which implement the buffer protocol, but provide only immutable buffers: pycon outbuf = b"\x00" 32 c = ciphers.CipherAESb"\x00" 32, modes.ECB.encryptor c.updateintob"\x00" 16, outbuf 16 outbuf...
PT-2023-2766 · Pypi +10 · Cryptography +10
Name of the Vulnerable Software and Affected Versions: cryptography versions 1.8 through the latest version before the fix Description: The issue is related to the Cipher.update into function in the cryptography package, which would accept Python objects that implement the buffer protocol but...