DEBIAN-CVE-2026-34073

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2026-34073

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-34073.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2026-34073

Upstream

CVE-2026-34073

Published

2026-03-31T03:15:59.123Z

Modified

2026-04-07T09:00:12.403463Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator

Summary

[none]

Details

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.

References

https://security-tracker.debian.org/tracker/CVE-2026-34073

Affected packages

Debian:11 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:deb/debian/python-cryptography?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.3.2-1

3.3.2-1+deb11u1

3.4.8-1

3.4.8-2

38.*

38.0.4-1

38.0.4-2

38.0.4-3~deb12u1

38.0.4-3

38.0.4-4

41.*

41.0.7-1

41.0.7-2

41.0.7-3

41.0.7-4

41.0.7-5

42.*

42.0.5-1

42.0.5-2

43.*

43.0.0-1

43.0.0-2

43.0.0-3

44.*

44.0.2-1

44.0.2-2

45.*

45.0.6-1~exp1

45.0.6-1

45.0.7-1

46.*

46.0.1-1~exp1

46.0.1-1

46.0.5-1

46.0.5-2

46.0.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-34073.json"

Debian:12 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:deb/debian/python-cryptography?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

38.*

38.0.4-3

38.0.4-3+deb12u1

38.0.4-4

41.*

41.0.7-1

41.0.7-2

41.0.7-3

41.0.7-4

41.0.7-5

42.*

42.0.5-1

42.0.5-2

43.*

43.0.0-1

43.0.0-2

43.0.0-3

44.*

44.0.2-1

44.0.2-2

45.*

45.0.6-1~exp1

45.0.6-1

45.0.7-1

46.*

46.0.1-1~exp1

46.0.1-1

46.0.5-1

46.0.5-2

46.0.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-34073.json"

Debian:13 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:deb/debian/python-cryptography?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

43.*

43.0.0-3

43.0.0-3+deb13u1

44.*

44.0.2-1

44.0.2-2

45.*

45.0.6-1~exp1

45.0.6-1

45.0.7-1

46.*

46.0.1-1~exp1

46.0.1-1

46.0.5-1

46.0.5-2

46.0.6-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-34073.json"

Debian:14 / python-cryptography

Package

Name: python-cryptography
Purl: pkg:deb/debian/python-cryptography?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

46.0.6-1

Affected versions

43.*

43.0.0-3

44.*

44.0.2-1

44.0.2-2

45.*

45.0.6-1~exp1

45.0.6-1

45.0.7-1

46.*

46.0.1-1~exp1

46.0.1-1

46.0.5-1

46.0.5-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2026-34073.json"