Improper Validation of Integrity Check Affecting tlslite-ng package, versions [,0.8.0-alpha3)


Severity

Recommended
0.0
medium
0
10

CVSS assessment made by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
0.06% (30th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-PYTHON-TLSLITENG-42096
  • published25 Apr 2018
  • disclosed18 Apr 2018
  • creditUnknown

Introduced: 18 Apr 2018

CVE-2018-1000159  (opens in a new tab)
CWE-298  (opens in a new tab)

How to fix?

Upgrade tlslite-ng to version 0.8.0-alpha3 or higher.

Overview

tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols.

Affected versions of this package are vulnerable to Improper Validation of Integrity Check. It can result in an attacker manipulating the TLS ciphertext which will not be detected by receiving tlslite-ng.

CVSS Scores

version 3.1