- Snyk ID SNYK-DEBIAN12-PYTHONCRYPTOGRAPHY-6095071
- published 30 Nov 2023
- disclosed 29 Nov 2023
How to fix?
There is no fixed version for
Note: Versions mentioned in the description apply only to the upstream python-cryptography package and not the python-cryptography package as distributed by
How to fix? for Debian:12 relevant fixed versions and status.
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_der_pkcs7_certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
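Where no fixed package is available, one mitigation is to parse untrusted PKCS7 input in a child process so that a segfault in load_der_pkcs7_certificates ends only that child and is reported as a distinct status. The sketch below is an added example, not code from Snyk, Debian or the cryptography project; the names parse_isolated and CHILD are hypothetical, and it assumes a POSIX host, where a child killed by a signal has a negative return code.

```python
import subprocess
import sys

# Child program: read DER from stdin and parse it with the function named in
# the advisory. Exit 0 = parsed, exit 2 = rejected with a normal exception.
# A NULL-pointer dereference kills the child with a signal instead.
CHILD = """
import sys
try:
    from cryptography.hazmat.primitives.serialization.pkcs7 import (
        load_der_pkcs7_certificates)
    certs = load_der_pkcs7_certificates(sys.stdin.buffer.read())
    print(len(certs))
except Exception:
    sys.exit(2)
"""


def parse_isolated(der, child_code=CHILD, timeout=10):
    """Return (status, cert_count); status is one of
    'parsed', 'rejected', 'crashed' or 'timeout'."""
    try:
        proc = subprocess.run([sys.executable, "-c", child_code], input=der,
                              capture_output=True, timeout=timeout)
    except subprocess.TimeoutExpired:
        return ("timeout", None)
    if proc.returncode < 0:
        # POSIX: negative return code means the child died from a signal
        # (for example SIGSEGV); the calling service keeps running.
        return ("crashed", None)
    if proc.returncode != 0:
        # Clean failure: malformed input, or the library is not installed.
        return ("rejected", None)
    return ("parsed", int(proc.stdout.strip()))


if __name__ == "__main__":
    # Constructed sample input: bytes that are not a valid PKCS7 structure.
    print(parse_isolated(b"not a pkcs7 blob"))
```

Logging every 'crashed' result together with the input's source gives a detection signal for repeated attempts to knock the parser over.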