Showing 1 - 3 of 3

CVE-2024-26130

Status Candidate

Overview

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.

Related Files

Gentoo Linux Security Advisory 202407-06: Posted Jul 1, 2024; Authored by Gentoo | Site security.gentoo.org; Gentoo Linux Security Advisory 202407-6 - Multiple vulnerabilities have been discovered in cryptography, the worst of which could lead to a denial of service. Versions greater than or equal to 42.0.4 are affected.; tags | advisory, denial of service, vulnerability; systems | linux, gentoo; advisories | CVE-2020-36242, CVE-2023-23931, CVE-2023-49083, CVE-2024-26130; SHA-256 | f8620483b3b729d77ad368cacfffca0d4fba7017da142ea0d7b075a566f1f717; Download | Favorite | View

Ubuntu Security Notice USN-6673-3: Posted May 28, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6673-3 - USN-6673-1 provided a security update for python-cryptography. This update provides the corresponding update for Ubuntu 24.04 LTS. It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10.; tags | advisory, remote, denial of service, python; systems | linux, ubuntu; advisories | CVE-2024-26130; SHA-256 | fae6e3df5e57be08d838136e5bf26a4b931c04ece1afafb337e7383996700614; Download | Favorite | View

Ubuntu Security Notice USN-6673-1: Posted Mar 4, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 6673-1 - Hubert Kario discovered that python-cryptography incorrectly handled errors returned by the OpenSSL API when processing incorrect padding in RSA PKCS#1 v1.5. A remote attacker could possibly use this issue to expose confidential or sensitive information. It was discovered that python-cryptography incorrectly handled memory operations when processing mismatched PKCS#12 keys. A remote attacker could possibly use this issue to cause python-cryptography to crash, leading to a denial of service. This issue only affected Ubuntu 23.10.; tags | advisory, remote, denial of service, python; systems | linux, ubuntu; advisories | CVE-2023-50782, CVE-2024-26130; SHA-256 | 01de93cd85b2bb26752f49682241d7f6847ee989213ef66fd7a7389e73b6b48a; Download | Favorite | View

Page 1 of 1 Back 1 Next

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 63 files
Debian 20 files
LiquidWorm 19 files
Apple 9 files
Gentoo 5 files
Google Security Research 4 files
Alter Prime 3 files
Chokri Hammedi 3 files
nu11secur1ty 2 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,163)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,928)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,326)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,981)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2024-26130

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems