ALT-PU-2024-15774-3

Package update python3-module-cryptography in branch c9f2

Version41.0.7-alt0.c9f2.1

Published2026-02-04

Max severityHIGH

Severity:

Closed issues (4)

HIGH7.5

Уязвимость функций load_pem_pkcs7_certificates() и load_der_pkcs7_certificates() пакет cryptography, позволяющая нарушителю вызвать отказ в обслуживании

Published: 2024-04-03Modified: 2025-11-19

CVSS 3.xHIGH 7.5

CVSS:3.x/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CVSS 2.0HIGH 7.8

CVSS:2.0/AV:N/AC:L/Au:N/C:N/I:N/A:C

References

CVE-2023-49083

HIGH7.5

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

Published: 2023-11-29Modified: 2025-11-03

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

GHSA-jfhm-5ghh-2f97

MEDIUM5.9

cryptography vulnerable to NULL-dereference when loading PKCS7 certificates

Published: 2023-11-28Modified: 2025-11-04

CVSS 3.xMEDIUM 5.9

CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References

GHSA-v8gr-m533-ghj9

NONE

Vulnerable OpenSSL included in cryptography wheels

Published: 2023-09-21

References

Closed bugs (1)

Оставляет мусор