CVE-2020-36242

CVSSv3 base score: 9.1

Published: 07/02/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.4 | Impact Score: 4.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.1 | Impact Score: 5.2 | Exploitability Score: 3.9
VMScore: 571
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

Vulnerability Summary

In the cryptography package prior to 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class. The fix shipped in cryptography 3.3.2; anything pinned below that version, directly or through a transitive dependency, is affected and should be upgraded.
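Two checks a practitioner would run against this advisory, written here as an added example (not part of this page and not pyca/cryptography's own code): a version-range test for the "before 3.3.2" boundary, and a chunked driver that never hands a stateful update() more than a bounded number of bytes, which is the general shape of the upstream fix. The 1 GiB cap, the helper names and the ToyStreamCipher are assumptions made for the demonstration; the toy cipher is not secure and exists only to show that chunked output equals unchunked output.

```python
"""Added example for CVE-2020-36242; not code from this page or from
pyca/cryptography. It shows two checks a practitioner wants:

1. decide from a version string whether an installed cryptography package
   falls in the affected range (everything before 3.3.2), and
2. drive a stateful update() with bounded input sizes so that no single
   call receives a multi-GB buffer. Chunking is the general shape of the
   upstream fix, but this helper is written against a generic callable,
   not pyca's internals.

Assumptions (not from the page): the 1 GiB per-call cap, the helper
names, and the ToyStreamCipher, which is constructed for the demo only.
"""
import re
from importlib import metadata
from typing import Callable, Iterator, Optional, Tuple

FIXED_VERSION = (3, 3, 2)    # advisory: affected if < 3.3.2
MAX_UPDATE_BYTES = 2 ** 30   # assumed cap: 1 GiB keeps every call far below INT_MAX

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(.*)$")


def parse_version(text: str) -> Tuple[Tuple[int, ...], int]:
    """Return (release, pre_flag); pre_flag is -1 for a/b/rc/dev builds so
    that '3.3.2rc1' sorts below the final 3.3.2, as PEP 440 orders them."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))          # '3.4' -> (3, 4, 0)
    suffix = m.group(2).lstrip(".-_").lower()
    pre = -1 if suffix.startswith(("a", "b", "rc", "dev")) else 0
    return release, pre


def is_vulnerable(version: str) -> bool:
    """True when the given cryptography version predates the 3.3.2 fix."""
    return parse_version(version) < (FIXED_VERSION, 0)


def installed_cryptography_status() -> Optional[bool]:
    """Verdict for the cryptography package in this interpreter, or None
    when it is not installed at all."""
    try:
        return is_vulnerable(metadata.version("cryptography"))
    except metadata.PackageNotFoundError:
        return None


def iter_chunks(data: bytes, chunk_size: int = MAX_UPDATE_BYTES) -> Iterator[memoryview]:
    """Yield slices of at most chunk_size bytes as memoryviews, so a large
    buffer is never copied just to be split."""
    if chunk_size <= 0:
        raise ValueError("chunk_size must be positive")
    view = memoryview(data)
    for start in range(0, len(view), chunk_size):
        yield view[start:start + chunk_size]


def chunked_update(update: Callable[[bytes], bytes], data: bytes,
                   chunk_size: int = MAX_UPDATE_BYTES) -> bytes:
    """Feed data to a stateful update() in bounded pieces and concatenate
    the output. Any streaming primitive whose update() accepts arbitrary
    slices (pyca's CipherContext.update does) can be driven this way."""
    return b"".join(update(chunk) for chunk in iter_chunks(data, chunk_size))


class ToyStreamCipher:
    """Constructed stand-in for a stateful stream cipher: XOR with a
    repeating key, remembering the position across update() calls.
    Not secure; it exists only to show that chunking preserves output."""

    def __init__(self, key: bytes):
        if not key:
            raise ValueError("empty key")
        self._key, self._pos = key, 0

    def update(self, data) -> bytes:
        out = bytearray(len(data))
        n = len(self._key)
        for i, b in enumerate(data):
            out[i] = b ^ self._key[(self._pos + i) % n]
        self._pos += len(data)
        return bytes(out)


def chunking_preserves_output(key: bytes, plaintext: bytes, chunk_size: int) -> bool:
    """True when chunked processing is byte-identical to one big update();
    this equivalence is what makes chunking a safe mitigation."""
    whole = ToyStreamCipher(key).update(plaintext)
    chunked = chunked_update(ToyStreamCipher(key).update, plaintext, chunk_size)
    return whole == chunked


if __name__ == "__main__":
    print("installed cryptography vulnerable:", installed_cryptography_status())
    print("3.3.1 vulnerable:", is_vulnerable("3.3.1"), "| 3.3.2:", is_vulnerable("3.3.2"))
    print("chunking equivalent:", chunking_preserves_output(b"k3y", b"A" * 1000, 7))
```

Run as a script it reports whether the interpreter's own cryptography install sits below 3.3.2. In a real pipeline the version test belongs beside the SBOM or OSS Index scan the page mentions, and the chunk driver would wrap the update() of an upgraded cryptography rather than the toy cipher; the memoryview slicing matters there, because slicing a multi-GB bytes object would otherwise copy it once per chunk.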

Vulnerable Products

Cryptography Project: cryptography (versions before 3.3.2)

Fedora Project: Fedora 33

Oracle: Communications Cloud Native Core Network Function Cloud Native Environment 1.10.0

Vendor Advisories

In python-cryptography before version 3.3.2, certain sequences of update calls to symmetrically encrypt multiple gigabytes of data could result in an integer overflow, leading to mishandling of buffers ...

GitHub Repositories

FEATURE: SmartFix for Python. The feature provides the minimum fix version of a given vulnerable direct dependency that solves the largest number of vulnerabilities, delivered on top of a pull request.

DEPENDENCY: lyrebird==0105
VULNERABLE TRANSITIVE DEPENDENCIES: mitmproxy==4.0.3, cryptography==2.2.2
VULNERABILITIES: mitmproxy==4.0.3 -> CVE-2018-14505; cryptography==2.2.2 -> CVE-2020-

Check your Python environments for vulnerable Open Source packages with OSS Index or Sonatype Nexus Lifecycle.

Jake

jake is a tool to check your Python environments and applications that can produce a CycloneDX software bill of materials and report on known vulnerabilities. jake is powered by Sonatype OSS Index and can also be used with Sonatype's Nexus IQ Server.

Installation: install from pypi.org as you would any other Python module: pip install jake