Cryptography Security Vulnerabilities

CVE-2016-9243

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.

7.5 CVSS

7.2 AI Score

0.004 EPSS

2017-03-27 05:59 PM

CVE-2020-25659

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

5.9 CVSS

5.7 AI Score

0.001 EPSS

2021-01-11 04:15 PM

CVE-2020-36242

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.

9.1 CVSS

9.2 AI Score

0.008 EPSS

2021-02-07 08:15 PM

CVE-2023-23931

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to ...

6.5 CVSS

6.7 AI Score

0.001 EPSS

2023-02-07 09:15 PM

CVE-2023-38325

The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

7.5 CVSS

7.5 AI Score

0.001 EPSS

2023-07-14 08:15 PM

CVE-2023-49083

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_pem_pkcs7_certificates or load_der_pkcs7_certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Serv...

7.5 CVSS

7.4 AI Score

0.001 EPSS

2023-11-29 07:15 PM

CVE-2023-50782

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

7.5 CVSS

7.2 AI Score

0.001 EPSS

2024-02-05 09:15 PM