CVE-2016-9243

HKDF in cryptography before 1.5.2 returns an empty byte-string if used with a length less than algorithm.digest_size.
References
Link Resource
http://www.openwall.com/lists/oss-security/2016/11/09/2 Mailing List Patch VDB Entry
http://www.securityfocus.com/bid/94216 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-3138-1 Third Party Advisory
https://cryptography.io/en/latest/changelog Release Notes Third Party Advisory
https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874 Patch Third Party Advisory
https://github.com/pyca/cryptography/issues/3211 Issue Tracking Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/ Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/11/09/2 Mailing List Patch VDB Entry
http://www.securityfocus.com/bid/94216 Broken Link Third Party Advisory VDB Entry
http://www.ubuntu.com/usn/USN-3138-1 Third Party Advisory
https://cryptography.io/en/latest/changelog Release Notes Third Party Advisory
https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874 Patch Third Party Advisory
https://github.com/pyca/cryptography/issues/3211 Issue Tracking Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/ Mailing List Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/ Mailing List Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:24:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:25:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.10:*:*:*:*:*:*:*

History

21 Nov 2024, 03:00

Type Values Removed Values Added
References () http://www.openwall.com/lists/oss-security/2016/11/09/2 - Mailing List, Patch, VDB Entry () http://www.openwall.com/lists/oss-security/2016/11/09/2 - Mailing List, Patch, VDB Entry
References () http://www.securityfocus.com/bid/94216 - Broken Link, Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/94216 - Broken Link, Third Party Advisory, VDB Entry
References () http://www.ubuntu.com/usn/USN-3138-1 - Third Party Advisory () http://www.ubuntu.com/usn/USN-3138-1 - Third Party Advisory
References () https://cryptography.io/en/latest/changelog - Release Notes, Third Party Advisory () https://cryptography.io/en/latest/changelog - Release Notes, Third Party Advisory
References () https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874 - Patch, Third Party Advisory () https://github.com/pyca/cryptography/commit/b924696b2e8731f39696584d12cceeb3aeb2d874 - Patch, Third Party Advisory
References () https://github.com/pyca/cryptography/issues/3211 - Issue Tracking, Third Party Advisory () https://github.com/pyca/cryptography/issues/3211 - Issue Tracking, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/ - Mailing List, Third Party Advisory () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/ - Mailing List, Third Party Advisory

09 Sep 2024, 13:52

Type Values Removed Values Added
References () http://www.securityfocus.com/bid/94216 - Third Party Advisory, VDB Entry () http://www.securityfocus.com/bid/94216 - Broken Link, Third Party Advisory, VDB Entry
References () https://github.com/pyca/cryptography/issues/3211 - Third Party Advisory () https://github.com/pyca/cryptography/issues/3211 - Issue Tracking, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/ - Mailing List, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/ - Mailing List, Third Party Advisory
CWE CWE-20 NVD-CWE-noinfo
CPE cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:*:*:* cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*

07 Nov 2023, 02:36

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/', 'name': 'FEDORA-2016-d3a2b640ce', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/', 'name': 'FEDORA-2016-e77c8c1f3b', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/', 'name': 'FEDORA-2016-2d90e27e50', 'tags': ['Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5R2ZOBMPWDFFHUZ6QOZZY36A6H5CGJXL/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WQ5G7KHKZC4SI23JE7277KZXM57GEQKT/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U23KDR2M2N7W2ZSREG63BVW7D4VC6CIZ/ -

Information

Published : 2017-03-27 17:59

Updated : 2024-11-21 03:00


NVD link : CVE-2016-9243

Mitre link : CVE-2016-9243

CVE.ORG link : CVE-2016-9243


JSON object : View

Products Affected

cryptography.io

  • cryptography

canonical

  • ubuntu_linux

fedoraproject

  • fedora