UBUNTU-CVE-2026-34073

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2026-34073
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-34073.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2026-34073
Upstream
Withdrawn
2026-04-13T09:32:07Z
Published
2026-03-31T03:15:00Z
Modified
2026-04-13T12:52:49.324092Z
Severity
  • 1.7 (Low) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U CVSS Calculator
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
  • Ubuntu - medium
Summary
[none]
Details

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints were only validated against SANs within child certificates, and not the "peer name" presented during each validation. Consequently, cryptography would allow a peer named bar.example.com to validate against a wildcard leaf certificate for *.example.com, even if the leaf's parent certificate (or upwards) contained an excluded subtree constraint for bar.example.com. This issue has been patched in version 46.0.6.

References

Affected packages

Ubuntu:20.04:LTS
python-cryptography

Package

Name
python-cryptography
Purl
pkg:deb/ubuntu/python-cryptography@2.8-3ubuntu0.3?arch=source&distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

2.*
2.6.1-3.1
2.6.1-4
2.6.1-4ubuntu1
2.8-1ubuntu2
2.8-2
2.8-3
2.8-3ubuntu0.1
2.8-3ubuntu0.2
2.8-3ubuntu0.3

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python-cryptography",
            "binary_version": "2.8-3ubuntu0.3"
        },
        {
            "binary_name": "python3-cryptography",
            "binary_version": "2.8-3ubuntu0.3"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-34073.json"
Ubuntu:22.04:LTS
python-cryptography

Package

Name
python-cryptography
Purl
pkg:deb/ubuntu/python-cryptography@3.4.8-1ubuntu2.4?arch=source&distro=jammy

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

3.*
3.3.2-1
3.3.2-1build1
3.4.8-1
3.4.8-1ubuntu1
3.4.8-1ubuntu2
3.4.8-1ubuntu2.1
3.4.8-1ubuntu2.2
3.4.8-1ubuntu2.3
3.4.8-1ubuntu2.4

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python3-cryptography",
            "binary_version": "3.4.8-1ubuntu2.4"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-34073.json"
Ubuntu:24.04:LTS
python-cryptography

Package

Name
python-cryptography
Purl
pkg:deb/ubuntu/python-cryptography@41.0.7-4ubuntu0.4?arch=source&distro=noble

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

38.*
38.0.4-4
38.0.4-4ubuntu1
41.*
41.0.7-3
41.0.7-4build2
41.0.7-4build3
41.0.7-4ubuntu0.1
41.0.7-4ubuntu0.3
41.0.7-4ubuntu0.4

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python3-cryptography",
            "binary_version": "41.0.7-4ubuntu0.4"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-34073.json"
Ubuntu:25.10
python-cryptography

Package

Name
python-cryptography
Purl
pkg:deb/ubuntu/python-cryptography@43.0.0-1ubuntu1.2?arch=source&distro=questing

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

43.*
43.0.0-1ubuntu1
43.0.0-1ubuntu1.1
43.0.0-1ubuntu1.2

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python3-cryptography",
            "binary_version": "43.0.0-1ubuntu1.2"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-34073.json"
Ubuntu:Pro:16.04:LTS
python-cryptography

Package

Name
python-cryptography
Purl
pkg:deb/ubuntu/python-cryptography@1.2.3-1ubuntu0.3+esm1?arch=source&distro=esm-infra/xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.0.1-1ubuntu1
1.0.2-1
1.1-1
1.1.1-1
1.1.1-1ubuntu1
1.1.1-1ubuntu2
1.1.1-1ubuntu3
1.2.2-2
1.2.3-1
1.2.3-1ubuntu0.1
1.2.3-1ubuntu0.2
1.2.3-1ubuntu0.3
1.2.3-1ubuntu0.3+esm1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python-cryptography",
            "binary_version": "1.2.3-1ubuntu0.3+esm1"
        },
        {
            "binary_name": "python3-cryptography",
            "binary_version": "1.2.3-1ubuntu0.3+esm1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-34073.json"
Ubuntu:Pro:18.04:LTS
python-cryptography

Package

Name
python-cryptography
Purl
pkg:deb/ubuntu/python-cryptography@2.1.4-1ubuntu1.4+esm1?arch=source&distro=esm-infra/bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1.*
1.9-1
2.*
2.1.3-3
2.1.4-1
2.1.4-1build1
2.1.4-1build2
2.1.4-1ubuntu1
2.1.4-1ubuntu1.1
2.1.4-1ubuntu1.2
2.1.4-1ubuntu1.3
2.1.4-1ubuntu1.4
2.1.4-1ubuntu1.4+esm1

Ecosystem specific 

{
    "binaries": [
        {
            "binary_name": "python-cryptography",
            "binary_version": "2.1.4-1ubuntu1.4+esm1"
        },
        {
            "binary_name": "python3-cryptography",
            "binary_version": "2.1.4-1ubuntu1.4+esm1"
        }
    ]
}

Database specific

source 
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2026/UBUNTU-CVE-2026-34073.json"