cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
History

Thu, 12 Dec 2024 02:15:00 +0000

Type Values Removed Values Added
First Time appeared Redhat rhel Eus
CPEs cpe:/a:redhat:rhel_eus:8.8
Vendors & Products Redhat rhel Eus

Thu, 05 Sep 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Cryptography.io
Cryptography.io cryptography
CPEs cpe:2.3:a:cryptography_project:cryptography:*:*:*:*:*:python:*:* cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*
Vendors & Products Cryptography Project
Cryptography Project cryptography
Cryptography.io
Cryptography.io cryptography

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-11-29T18:50:24.263Z

Updated: 2024-08-02T21:46:29.207Z

Reserved: 2023-11-21T18:57:30.428Z

Link: CVE-2023-49083

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2023-11-29T19:15:07.967

Modified: 2024-11-21T08:32:47.163

Link: CVE-2023-49083

cve-icon Redhat

Severity : Moderate

Publid Date: 2023-11-28T00:00:00Z

Links: CVE-2023-49083 - Bugzilla