cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
References
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-11-29T18:50:24.263Z
Updated: 2023-12-05T01:28:16.238Z
Reserved: 2023-11-21T18:57:30.428Z
Link: CVE-2023-49083
JSON object: View
NVD Information
Status : Modified
Published: 2023-11-29T19:15:07.967
Modified: 2024-02-17T02:15:45.350
Link: CVE-2023-49083
JSON object: View
Redhat Information
No data.
CWE