PT-2023-9146 · Pypi+7 · Python-Cryptography+7

Hubert Kario

+1

·

Publicado

2023-12-14

·

Atualizado

2026-02-25

·

CVE-2023-50782

CVSS v4.0

8.7

Alta

VetorAV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions python-cryptography (affected versions not specified)
Description A flaw was found in the python-cryptography package, which may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges. This could lead to exposure of confidential or sensitive data. The issue is related to an uncontrolled consumption of resources in the RSA Key Exchange Handler component.
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Side Channel Attack

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-203CWE-208CWE-385

Identificadores relacionados

ALT-PU-2024-12943
AZL-34309
AZL-35129
BDU:2024-04115
CVE-2023-50782
ECHO-96E2-B383-D2C5
GHSA-3WW4-GG4F-JR7F
MGASA-2025-0069
OESA-2025-1774
OESA-2025-1775
OESA-2025-1776
OESA-2025-1863
OESA-2025-1864
OESA-2025-1865
OPENSUSE-SU-2024:14416-1
OPENSUSE-SU-2024_3765-1
OPENSUSE-SU-2024_3766-1
OPENSUSE-SU-2024_3905-1
OPENSUSE-SU-2024_3943-1
SUSE-SU-2024:3757-1
SUSE-SU-2024:3765-1
SUSE-SU-2024:3766-1
SUSE-SU-2024:3871-1
SUSE-SU-2024:3872-1
SUSE-SU-2024:3904-1
SUSE-SU-2024:3905-1
SUSE-SU-2024:3943-1
SUSE-SU-2024_3757-1
SUSE-SU-2024_3765-1
SUSE-SU-2024_3766-1
SUSE-SU-2024_3871-1
SUSE-SU-2024_3872-1
SUSE-SU-2024_3904-1
SUSE-SU-2024_3905-1
SUSE-SU-2024_3943-1
SUSE-SU-2025:20081-1
SUSE-SU-2025:20593-1
USN-6663-1
USN-6673-1
USN-6673-2

Produtos afetados

Alt Linux
Astra Linux
Debian
Linuxmint
Red Os
Suse
Ubuntu
Python-Cryptography