All errata/sisyphus/ALT-PU-2024-12943-2
ALT-PU-2024-12943-2

Package update python3-module-cryptography in branch sisyphus

Version42.0.0-alt1
Task#338900
Published2026-02-04
Max severityHIGH
Severity:

Closed issues (3)

BDU:2024-04115
HIGH7.5

Уязвимость компонента RSA Key Exchange Handler пакета python-cryptography языка программирования python, позволяющая нарушителю раскрыть конфиденциальные данных

Published: 2024-05-27Modified: 2026-04-20
CVSS 3.xHIGH 7.5
CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.0HIGH 7.8
CVSS:2.0/AV:N/AC:L/Au:N/C:C/I:N/A:N
References
CVE-2023-50782
HIGH7.5

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Published: 2024-02-05Modified: 2026-03-24
CVSS 3.xHIGH 7.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
References
GHSA-3ww4-gg4f-jr7f
HIGH8.7

Python Cryptography package vulnerable to Bleichenbacher timing oracle attack

Published: 2024-02-06Modified: 2026-02-27
CVSS 3.xHIGH 8.7
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 4.0HIGH 8.7
CVSS:4.0/CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
References