cryptoauthlib@20181026 vulnerabilities

Python Wrapper Library for Microchip Security Products

Direct Vulnerabilities

Known vulnerabilities in the cryptoauthlib package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.
Fix for free
Vulnerability Vulnerable Version
  • H
Denial of Service (DoS)

cryptoauthlib is a Python Wrapper Library for Microchip Security Products

Affected versions of this package are vulnerable to Denial of Service (DoS) due to buffer and stack overflow vulnerabilities. These vulnerabilities originate from the deprecated USB kit enumeration feature, where an attacker can impersonate a device and send malformed packets of arbitrary length, leading the protocol stack to write these packets to the stack, potentially causing a system crash or service disruption.

How to fix Denial of Service (DoS)?

Upgrade cryptoauthlib to version 20200912 or higher.

[,20200912)
  • H
Buffer Overflow

cryptoauthlib is a Python Wrapper Library for Microchip Security Products

Affected versions of this package are vulnerable to Buffer Overflow in deprecated USB HALs and USB enumeration.

How to fix Buffer Overflow?

Upgrade cryptoauthlib to version 20200912 or higher.

[,20200912)