PyPI · cryptography · CVE-2023-49083
**Name of the Vulnerable Software and Affected Versions**
cryptography versions prior to 41.0.6
**Description**
The issue lies in the functions `load_pem_pkcs7_certificates()` and `load_der_pkcs7_certificates()` (module `cryptography.hazmat.primitives.serialization.pkcs7`) in the cryptography package: on certain PKCS7 input they trigger a NULL-pointer dereference and the interpreter segfaults. Any application that deserializes attacker-supplied PKCS7 blobs or certificates with these functions is therefore exposed to a Denial of Service (DoS), since a single malformed input crashes the whole process and disrupts availability.
**Recommendations**
- For versions prior to 41.0.6, update to version 41.0.6 to resolve the issue.
- As a temporary workaround, consider disabling the `load_pem_pkcs7_certificates()` and `load_der_pkcs7_certificates()` functions until the update to 41.0.6 has been applied.
- Restrict access to the vulnerable functions to minimize the risk of exploitation.
- Avoid using the `load_pem_pkcs7_certificates()` and `load_der_pkcs7_certificates()` functions in the affected API endpoints until the issue is resolved.
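One way to enforce the workaround above in code, as an added example that is not part of this advisory or of the cryptography project: a guard that refuses to call the PKCS7 loaders unless the installed cryptography is at least 41.0.6. The version string is read from `cryptography.__version__` unless the caller passes one explicitly (the optional `version` parameter is an assumption of this example, added so the check can be exercised without the package installed).

```python
"""Gate PKCS7 deserialization on the fix for CVE-2023-49083 (cryptography < 41.0.6)."""
import re
from typing import Optional, Tuple

FIXED_VERSION = (41, 0, 6)  # first release containing the fix, per the advisory

_VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(.*)$")


def parse_version(version: str) -> Tuple[Tuple[int, int, int], str]:
    """Split '41.0.6rc1' into ((41, 0, 6), 'rc1'); missing components become 0."""
    match = _VERSION_RE.match(version.strip())
    if match is None:
        raise ValueError(f"unrecognized version string: {version!r}")
    major, minor, patch, suffix = match.groups()
    release = (int(major), int(minor or 0), int(patch or 0))
    return release, suffix.strip()


def is_affected(version: str) -> bool:
    """True when this cryptography version still carries CVE-2023-49083."""
    release, suffix = parse_version(version)
    if release < FIXED_VERSION:
        return True
    # A pre-release of 41.0.6 (e.g. '41.0.6rc1') predates the fixed release.
    return release == FIXED_VERSION and bool(suffix)


def installed_version() -> str:
    import cryptography  # imported lazily so the guard works without the package
    return cryptography.__version__


def load_pkcs7_certificates_safely(data: bytes, version: Optional[str] = None):
    """Deserialize a PKCS7 blob only on a patched cryptography.

    PEM input is detected by its '-----BEGIN' armor; anything else is treated as DER.
    Raises RuntimeError instead of calling into a vulnerable loader.
    """
    version = installed_version() if version is None else version
    if is_affected(version):
        raise RuntimeError(
            f"cryptography {version} is vulnerable to CVE-2023-49083; "
            "upgrade to 41.0.6 or later before loading untrusted PKCS7 data"
        )
    from cryptography.hazmat.primitives.serialization import pkcs7

    if data.lstrip().startswith(b"-----BEGIN"):
        return pkcs7.load_pem_pkcs7_certificates(data)
    return pkcs7.load_der_pkcs7_certificates(data)
```

The guard is a stopgap for deployments that cannot upgrade immediately; upgrading to 41.0.6 remains the actual fix.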