Showing 1 - 3 of 3

CVE-2024-26130

Status Candidate

Overview

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.

Related Files

Gentoo Linux Security Advisory 202407-06: Posted Jul 1, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202407-6 - Multiple vulnerabilities have been discovered in cryptography, the worst of which could lead to a denial of service. Versions greater than or equal to 42.0.4 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2020-36242, CVE-2023-23931, CVE-2023-49083, CVE-2024-26130; SHA-256 | f8620483b3b729d77ad368cacfffca0d4fba7017da142ea0d7b075a566f1f717; Download | Favorite | View

Ubuntu Security Notice USN-6673-3: Posted May 28, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6673-3 - USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 24.04 LTS. It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10.; tags | advisory, remote, denial of service, python; systems | linux, ubuntu; advisories | CVE-2024-26130; SHA-256 | fae6e3df5e57be08d838136e5bf26a4b931c04ece1afafb337e7383996700614; Download | Favorite | View

Ubuntu Security Notice USN-6673-1: Posted Mar 4, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6673-1 - Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10.; tags | advisory, remote, denial of service, python; systems | linux, ubuntu; advisories | CVE-2023-50782, CVE-2024-26130; SHA-256 | 01de93cd85b2bb26752f49682241d7f6847ee989213ef66fd7a7389e73b6b48a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 286 files
indoushka 161 files
Jay Turla 150 files
Ubuntu 71 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,104)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,119)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (387)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,128)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,774)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,823)
UNIX (9,453)
UnixWare (188)
Windows (6,765)
Other

CVE-2024-26130

Overview

Related Files

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems