Lucene search
K
Cryptography.ioCryptography*

4 matches found

CVE
CVE
β€’added 2021/02/07 7:50 p.m.β€’536 views

CVE-2020-36242

The CVE refers to the Python cryptography package prior to 3.3.2. The issue arises from certain sequences of update() calls when symmetrically encrypting very large (multi-GB) payloads, which can trigger an integer overflow and buffer overflow, as demonstrated by the Fernet class. This affects cr...

9.1CVSS9.2AI score0.06718EPSS
CVE
CVE
β€’added 2024/02/05 8:45 p.m.β€’524 views

CVE-2023-50782

CVE-2023-50782 affects the python-cryptography library across multiple Linux distributions. The underlying issue is a Bleichenbacher timing/PKCS#1 v1.5 RSA decryption handling flaw that could allow a remote attacker to decrypt TLS RSA-exchange messages, potentially exposing confidential data. Aff...

7.5CVSS7.2AI score0.02454EPSS
CVE
CVE
β€’added 2026/02/10 9:42 p.m.β€’145 views

CVE-2026-26007

CVE-2026-26007 describes a vulnerability in the cryptography package where public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() do not validate that a key point belongs to the expected prime-order subgroup. This allows small-subgroup k...

8.2CVSS5.6AI score0.00341EPSS
CVE
CVE
β€’added 2026/03/31 2:4 a.m.β€’61 views

CVE-2026-34073

CVE-2026-34073 affects the Python cryptography package. Before 46.0.6, DNS name constraints were validated only against SANs in child certificates, not the peer name presented during validation, allowing a peer with a name like bar.example.com to validate against a wildcard certificate for *.exam...

6.3CVSS5.8AI score0.00154EPSS