CVE-2023-49083

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-49083
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49083.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-49083
Aliases
Downstream
Related
Published
2023-11-29T18:50:24Z
Modified
2025-10-15T02:33:29.434266Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
cryptography vulnerable to NULL-dereference when loading PKCS7 certificates
Details

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling load_pem_pkcs7_certificates or load_der_pkcs7_certificates could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

References

Affected packages

Git / github.com/pyca/cryptography

Affected ranges

Type
GIT
Repo
https://github.com/pyca/cryptography
Events

Affected versions

3.*

3.1
3.2
3.3
3.4

35.*

35.0.0

36.*

36.0.0

37.*

37.0.0

38.*

38.0.0

39.*

39.0.0

40.*

40.0.0

41.*

41.0.0
41.0.1
41.0.2
41.0.3
41.0.4
41.0.5