CVE-2023-38325

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-38325
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

7.5 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/pyca/cryptography/compare/41.0.1...41.0.2 Patch
https://github.com/pyca/cryptography/issues/9207 Exploit Issue Tracking Patch Vendor Advisory
https://github.com/pyca/cryptography/pull/9208 Patch Vendor Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK/
https://pypi.org/project/cryptography/#history Release Notes
https://security.netapp.com/advisory/ntap-20230824-0010/
Configurations

Configuration 1 (hide)

cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*
History

05 Sep 2024, 16:09

Type Values Removed Values Added
CPE cpe:2.3:a:cryptography_project:cryptography:*:*:*:*:*:python:*:* cpe:2.3:a:cryptography.io:cryptography:*:*:*:*:*:python:*:*
First Time Cryptography.io cryptography
Cryptography.io

07 Nov 2023, 04:17

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK/', 'name': 'FEDORA-2023-2b0f2e4bc3', 'tags': [], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK/ -

24 Aug 2023, 19:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20230824-0010/ -

22 Aug 2023, 19:16

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NMCCTYY3CSNQBFFYYC5DAV6KATHWCUZK/ -

27 Jul 2023, 03:55

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 7.5
CWE CWE-295
First Time Cryptography Project
Cryptography Project cryptography
CPE cpe:2.3:a:cryptography_project:cryptography:*:*:*:*:*:python:*:*
References (MISC) https://github.com/pyca/cryptography/issues/9207 - (MISC) https://github.com/pyca/cryptography/issues/9207 - Exploit, Issue Tracking, Patch, Vendor Advisory
References (MISC) https://github.com/pyca/cryptography/pull/9208 - (MISC) https://github.com/pyca/cryptography/pull/9208 - Patch, Vendor Advisory
References (MISC) https://pypi.org/project/cryptography/#history - (MISC) https://pypi.org/project/cryptography/#history - Release Notes
References (MISC) https://github.com/pyca/cryptography/compare/41.0.1...41.0.2 - (MISC) https://github.com/pyca/cryptography/compare/41.0.1...41.0.2 - Patch

14 Jul 2023, 20:15

Type Values Removed Values Added
New CVE
Information

Published : 2023-07-14 20:15

Updated : 2024-09-05 16:09

NVD link : CVE-2023-38325

Mitre link : CVE-2023-38325

CVE.ORG link : CVE-2023-38325

JSON object : View

Products Affected

cryptography.io

  • cryptography
CWE
CWE-295

Improper Certificate Validation