Cryptographyproject Cryptography
By the Year
In 2024 there have been 0 vulnerabilities in Cryptographyproject Cryptography . Last year Cryptography had 3 security vulnerabilities published. Right now, Cryptography is on track to have less security vulnerabilities in 2024 than it did last year.
Year | Vulnerabilities | Average Score |
---|---|---|
2024 | 0 | 0.00 |
2023 | 3 | 7.17 |
2022 | 0 | 0.00 |
2021 | 1 | 9.10 |
2020 | 0 | 0.00 |
2019 | 0 | 0.00 |
2018 | 0 | 0.00 |
It may take a day or so for new Cryptography vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.
Recent Cryptographyproject Cryptography Security Vulnerabilities
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers
CVE-2023-49083
7.5 - High
- November 29, 2023
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
NULL Pointer Dereference
The cryptography package before 41.0.2 for Python mishandles SSH certificates
CVE-2023-38325
7.5 - High
- July 14, 2023
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.
Improper Certificate Validation
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers
CVE-2023-23931
6.5 - Medium
- February 07, 2023
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
Improper Check for Unusual or Exceptional Conditions
In the cryptography package before 3.3.2 for Python
CVE-2020-36242
9.1 - Critical
- February 07, 2021
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
Memory Corruption
Stay on top of Security Vulnerabilities
Want an email whenever new vulnerabilities are published for Oracle Communications Cloud Native Core Network Function Cloud Native Environment or by Cryptographyproject? Click the Watch button to subscribe.