4 matches found
CVE-2020-36242
The CVE refers to the Python cryptography package prior to 3.3.2. The issue arises from certain sequences of update() calls when symmetrically encrypting very large (multi-GB) payloads, which can trigger an integer overflow and buffer overflow, as demonstrated by the Fernet class. This affects cr...
CVE-2023-50782
CVE-2023-50782 affects the python-cryptography library across multiple Linux distributions. The underlying issue is a Bleichenbacher timing/PKCS#1 v1.5 RSA decryption handling flaw that could allow a remote attacker to decrypt TLS RSA-exchange messages, potentially exposing confidential data. Aff...
CVE-2026-26007
CVE-2026-26007 describes a vulnerability in the cryptography package where public_key_from_numbers, EllipticCurvePublicNumbers.public_key(), load_der_public_key(), and load_pem_public_key() do not validate that a key point belongs to the expected prime-order subgroup. This allows small-subgroup k...
CVE-2026-34073
CVE-2026-34073 affects the Python cryptography package. Before 46.0.6, DNS name constraints were validated only against SANs in child certificates, not the peer name presented during validation, allowing a peer with a name like bar.example.com to validate against a wildcard certificate for *.exam...