PT-2023-4923 · Pypi+2 · Cryptography+2

Lkubb

Publicado

2023-07-14

Atualizado

2024-09-18

CVE-2023-38325

CVSS v4.0

8.7

Alta

Vetor

AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions cryptography package versions prior to 41.0.2

Description The issue is related to errors in the certificate authentication procedure, which can be exploited by a remote attacker to perform a man-in-the-middle attack. The problem arises from the mishandling of SSH certificates that have critical options.

Recommendations For versions prior to 41.0.2, update to version 41.0.2 or later to resolve the issue.

Exploit

Correção

Improper Certificate Validation

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-295

Identificadores relacionados

ALT-PU-2023-8071

ALT-PU-2023-8444

ALT-PU-2024-9926

BDU:2023-05436

CVE-2023-38325

GHSA-CF7P-GM2M-833M

OPENSUSE-SU-2024:13078-1

PYSEC-2023-112

Produtos afetados

Alt Linux

Red Os

Cryptography

PT-2023-4923 · Pypi+2 · Cryptography+2

CVE-2023-38325

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 25