In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
References
Link | Resource |
---|---|
https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst | Release Notes Third Party Advisory |
https://github.com/pyca/cryptography/compare/3.3.1...3.3.2 | Patch Third Party Advisory |
https://github.com/pyca/cryptography/issues/5615 | Exploit Patch Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E/ | |
https://www.oracle.com/security-alerts/cpuapr2022.html | Patch Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-02-07T19:50:57
Updated: 2022-07-25T16:22:24
Reserved: 2021-02-07T00:00:00
Link: CVE-2020-36242
JSON object: View
NVD Information
Status : Modified
Published: 2021-02-07T20:15:12.090
Modified: 2023-11-07T03:22:08.227
Link: CVE-2020-36242
JSON object: View
Redhat Information
No data.