CVE-2023-23931

Published: 07/02/2023 Updated: 16/02/2023
CVSS v3 Base Score: 6.5 | Impact Score: 2.5 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as `bytes`) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since `update_into` was originally introduced in cryptography 1.8.
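The defect class here is an output-buffer API that accepts any buffer-protocol object without checking that the buffer is writable. The following is an added example, not code from the advisory or from the cryptography project: a small `update_into`-style function with the writability, contiguity and length checks a caller-supplied output buffer needs (the `memoryview.readonly` test stands in for the writable-buffer request that fixed cryptography versions make), plus an optional probe that, if the real `cryptography` package happens to be installed, confirms the installed version rejects an immutable output buffer. The XOR keystream is a constructed stand-in for the cipher, not a real cipher, and the key and sample inputs are constructed.

```python
from typing import Optional


def xor_keystream(data: bytes, key: bytes) -> bytes:
    # Constructed stand-in for the cipher transform; not a real cipher.
    return bytes(b ^ key[i % len(key)] for i, b in enumerate(data))


def update_into(data: bytes, buf, key: bytes = b"\x2a") -> int:
    """Write the transform of `data` into `buf` and return the byte count.

    Mirrors the contract of Cipher.update_into: `buf` must be a writable,
    C-contiguous buffer-protocol object at least as large as `data`.
    The `readonly` check is the one the affected cryptography versions
    lacked; without it an immutable object such as `bytes` could be
    handed to native code and overwritten in place.
    """
    view = memoryview(buf)
    if view.readonly:
        raise TypeError("output buffer must be writable (bytearray, memoryview, ...), not bytes")
    if not view.c_contiguous:
        raise TypeError("output buffer must be C-contiguous")
    view = view.cast("B")  # treat the buffer as raw bytes regardless of its item format
    if len(view) < len(data):
        raise ValueError(f"buffer too small: need {len(data)} bytes, have {len(view)}")
    out = xor_keystream(data, key)
    view[: len(out)] = out
    return len(out)


def demo() -> dict:
    """Exercise the accepted and rejected buffer kinds; returns a summary dict."""
    data = b"hello world"  # constructed sample input
    results = {}

    ok = bytearray(64)  # mutable: accepted
    n = update_into(data, ok)
    results["written"] = n
    results["roundtrip"] = xor_keystream(bytes(ok[:n]), b"\x2a") == data

    try:
        update_into(data, b"\x00" * 64)  # immutable: must be rejected, not mutated
        results["bytes_rejected"] = False
    except TypeError:
        results["bytes_rejected"] = True

    try:
        update_into(data, bytearray(4))  # too small: must be rejected
        results["short_rejected"] = False
    except ValueError:
        results["short_rejected"] = True
    return results


def installed_cryptography_rejects_bytes() -> Optional[bool]:
    """Probe the installed cryptography package, if any.

    Returns None when the package is not installed, True when
    Cipher.update_into refuses a `bytes` output buffer (the fixed
    behaviour), and False otherwise.
    """
    try:
        from cryptography.hazmat.primitives.ciphers import Cipher, algorithms, modes
    except ImportError:
        return None
    encryptor = Cipher(algorithms.AES(b"\x00" * 16), modes.ECB()).encryptor()
    try:
        encryptor.update_into(b"\x00" * 16, b"\x00" * 16)
    except Exception:  # the advisory's contract is only that an exception is raised
        return True
    return False


if __name__ == "__main__":
    print(demo())
    print("installed cryptography rejects bytes:", installed_cryptography_rejects_bytes())
```

Any object exposing a writable buffer (`bytearray`, a writable `memoryview`, an `mmap`) passes the check; `bytes` and other read-only views are refused before anything is written, which is the behaviour the fixed versions restore.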

Vulnerable Product

cryptography project cryptography

Vendor Advisories

Debian Bug report logs - #1031049 python-cryptography: CVE-2023-23931 Package: src:python-cryptography; Maintainer for src:python-cryptography is Tristan Seligmann <mithrandi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Fri, 10 Feb 2023 21:27:01 UTC Severity: important Tags: security, upst ...
Synopsis Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat Ansible Automation Platform 2.4. Red Hat P ...
Synopsis Moderate: python-cryptography security update Type/Severity Security Advisory: Moderate Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for python-cryptography is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated th ...
Synopsis Important: Red Hat Quay security update Type/Severity Security Advisory: Important Topic An update is now available for Red Hat Quay 3. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available f ...
Description: The MITRE CVE dictionary describes this issue as: cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions `Cipher.update_into` would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such a ...
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS ...