CVE-2020-36242 vulnerability in Fedora Project and Other Products
Published on February 7, 2021

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.

Github Repository Vendor Advisory NVD

Products Associated with CVE-2020-36242

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2020-36242 are published in these products:

Fedora Project Fedora

Cryptographyproject Cryptography

Oracle Communications Cloud Native Core Network Function Cloud Native Environment

Cryptographyio Cryptography

Vulnerable Packages

The following package name and versions may be associated with CVE-2020-36242

Package Manager	Vulnerable Package	Versions	Fixed In
pip	cryptography	>= 3.1, < 3.3.2	3.3.2

Exploit Probability

EPSS

1.27%

Percentile

79.27%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

CVE-2020-36242 vulnerability in Fedora Project and Other ProductsPublished on February 7, 2021

Products Associated with CVE-2020-36242

Vulnerable Packages

Exploit Probability

CVE-2020-36242 vulnerability in Fedora Project and Other Products
Published on February 7, 2021