pkg:Debian/python-cryptography

14 total CVEs: CRITICAL 2, HIGH 4, MEDIUM 8

All known vulnerabilities

  • CRITICAL 9.8 CVE-2026-39892: Cryptography vulnerable to buffer overflow if non-contiguous buffers were passed to APIs
    from 0, < 46.0.7-1
  • CRITICAL 9.1 CVE-2020-36242: PyCA Cryptography symmetrically encrypting large values can lead to integer overflow
    from 0, < 3.3.2-1
  • HIGH 7.5 CVE-2024-26130: cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override
    from 0, < 38.0.4-3+deb12u1
  • HIGH 7.5 CVE-2023-50782: Python Cryptography package vulnerable to Bleichenbacher timing oracle attack
    from 0
  • HIGH 7.5 CVE-2016-9243: Improper input validation in cryptography
    from 0, < 1.5.3-1
  • HIGH 7.5 CVE-2018-10903: PyCA Cryptography vulnerable to GCM tag forgery
    from 0, < 2.3-1
  • MEDIUM 6.5 CVE-2026-26007: cryptography Vulnerable to a Subgroup Attack Due to Missing Subgroup Validation for SECT Curves
    from 0
  • MEDIUM 6.5 CVE-2023-23931: Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
    from 0, < 2.6.1-3+deb10u4
  • MEDIUM 6.5 CVE-2023-23931: Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
    from 0, < 3.3.2-1+deb11u1
  • MEDIUM 6.5 CVE-2023-23931: Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
    from 0, < 3.3.2-1+deb11u1
  • MEDIUM 6.5 CVE-2023-23931: Cipher.update_into can corrupt memory if passed an immutable python object as the outbuf
    from 0, < 2.6.1-3+deb10u3
  • MEDIUM 5.9 CVE-2023-49083: cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
    from 0, < 3.3.2-1+deb11u1
  • MEDIUM 5.9 CVE-2020-25659: RSA decryption vulnerable to Bleichenbacher timing vulnerability
    from 0, < 3.2.1-1
  • MEDIUM 5.3 CVE-2026-34073: cryptography has incomplete DNS name constraint enforcement on peer names
    from 0