Product Research Enterprise Plans Docs

PyPi: Cryptography

CVE-2023-6237

Transitive

Safety vulnerability ID: 66777

This vulnerability was reviewed by experts

The information on this page was manually curated by our Cybersecurity Intelligence Team.

Created at Apr 25, 2024 Updated at Nov 04, 2024

Scan your Python projects for vulnerabilities →

Advisory

Cryptography 42.0.0 updates its bundled dependency 'OpenSSL' so to include the commit fix for CVE-2023-6237: Checking excessively long invalid RSA public keys may take a long time.

Affected package

cryptography

Latest version: 43.0.3

cryptography is a package which provides cryptographic recipes and primitives to Python developers.

Affected versions

Fixed versions

Vulnerability changelog

This vulnerability has no description

Resources

https://github.com/openssl/openssl/commit/0b0f7abfb37350794a4b8960fafc292cd5d1b84d
https://github.com/openssl/openssl/commit/18c02492138d1eb8b6548cb26e7b625fb2414a2a
https://github.com/openssl/openssl/commit/a830f551557d3d66a84bbb18a5b889c640c36294
https://github.com/pyca/cryptography/commit/4b5be7b0032ade70e09a43f9d857708e36170bbc
https://www.openssl.org/news/secadv/20240115.txt
https://bugzilla.redhat.com/show_bug.cgi?id=2258502
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-6237

Use this package?

Scan your Python project for dependency vulnerabilities in two minutes

Scan your application