Vulnerabilities
Projects
Vulnerability Disclosure
About Us
Contact Us
Mend.io Vulnerability Database
What is a WS vulnerability ID?
What is an MSC vulnerability ID?
We found results for “”
CVE-2023-49083
Good to know:
Date: November 29, 2023
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling "load_pem_pkcs7_certificates" or "load_der_pkcs7_certificates" could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.
Language: Python
Severity Score
Related Resources (10)
Severity Score
Weakness Type (CWE)
NULL Pointer Dereference
CWE-476Top Fix
Upgrade Version
Upgrade to version compass-interface-pandas - 0.25.0;cryptography - 41.0.6;cryptography - 41.0.4;cryptography - 39.0.2;cryptography - 39.0.0;google-cloud-sdk - 411.0.0;firecloud - no_fix;compass-interface-http - 0.25.0
CVSS v3.1
| Base Score: |
|
|---|---|
| Attack Vector (AV): | NETWORK |
| Attack Complexity (AC): | HIGH |
| Privileges Required (PR): | NONE |
| User Interaction (UI): | NONE |
| Scope (S): | UNCHANGED |
| Confidentiality (C): | NONE |
| Integrity (I): | NONE |
| Availability (A): | HIGH |