HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
Metrics
Affected Vendors & Products
References
History
Mon, 09 Sep 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | CWE-20 | NVD-CWE-noinfo |
CPEs | cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:* | |
Metrics |
cvssV3_0
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: redhat
Published: 2017-03-27T17:00:00
Updated: 2024-08-06T02:42:11.253Z
Reserved: 2016-11-09T00:00:00
Link: CVE-2016-9243
Vulnrichment
No data.
NVD
Status : Modified
Published: 2017-03-27T17:59:00.460
Modified: 2024-11-21T03:00:50.370
Link: CVE-2016-9243
Redhat