CVE-2023-49083

Published: 29/11/2023 Updated: 17/02/2024
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 0

Vulnerability Summary

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
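As an added triage example (not code from the cryptography project or the advisory), the script below checks a requirements file for a `cryptography` pin below 41.0.6 and uses `ast` to locate calls to the two affected loaders. The sample requirements and source text are constructed, and because this page does not state a lower bound for affected versions, the check assumes every release below 41.0.6 needs the upgrade.

```python
import ast
import re

FIXED = (41, 0, 6)  # first patched release, per the summary above
AFFECTED_CALLS = {"load_pem_pkcs7_certificates", "load_der_pkcs7_certificates"}

def parse_version(text):
    """Turn '41.0.5' into (41, 0, 5); anything past three numbers is ignored."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def pinned_cryptography(requirements):
    """Return the version pinned with '==' for cryptography, or None."""
    for line in requirements.splitlines():
        line = line.split("#", 1)[0].strip()
        m = re.fullmatch(r"cryptography\s*==\s*([\w.]+)(\s*;.*)?", line, re.I)
        if m:
            return parse_version(m.group(1))
    return None

def affected_call_sites(source, filename="<src>"):
    """List (line, function) for every call to an affected PKCS7 loader."""
    hits = []
    for node in ast.walk(ast.parse(source, filename)):
        if isinstance(node, ast.Call):
            f = node.func
            name = f.attr if isinstance(f, ast.Attribute) else getattr(f, "id", None)
            if name in AFFECTED_CALLS:
                hits.append((node.lineno, name))
    return sorted(hits)

def assess(requirements, source):
    """Combine the pin check and the call-site scan into one verdict."""
    version = pinned_cryptography(requirements)
    below_fix = version is not None and version < FIXED  # assumption: no lower bound
    calls = affected_call_sites(source)
    return {"version": version, "below_fix": below_fix,
            "calls": calls, "exposed": below_fix and bool(calls)}

# Constructed sample input, for illustration only.
SAMPLE_REQS = "requests==2.31.0\ncryptography==41.0.5  # constructed pin\n"
SAMPLE_SRC = '''\
from cryptography.hazmat.primitives.serialization import pkcs7

def certs_from_upload(blob):
    return pkcs7.load_der_pkcs7_certificates(blob)
'''

if __name__ == "__main__":
    print(assess(SAMPLE_REQS, SAMPLE_SRC))
```

Because the failure is a segfault rather than a Python exception, wrapping these calls in `try`/`except` does not contain it; upgrading to 41.0.6 or later is the fix.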

Vulnerable Product

cryptography project cryptography

Vendor Advisories

Debian Bug report logs - #1057108 python-cryptography: CVE-2023-49083 Package: src:python-cryptography; Maintainer for src:python-cryptography is Tristan Seligmann <mithrandi@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 29 Nov 2023 21:27:02 UTC Severity: important Tags: security, upst ...

Mailing Lists

oss-sec mailing list archives: Python Cryptography advisory: CVE-2023-49083 NULL-dereference when loading PKCS7 certificates ...