PT-2015-7943 · Python+1 · Python-Cryptography-Vectors+3
Published
2015-11-27
·
Updated
2015-11-27
None
No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.
Name of the Vulnerable Software and Affected Versions
OpenSSL backend versions prior to 1.0.2
python-cryptography versions prior to 1.0.2
python-cryptography-vectors versions prior to 1.0.2
python-pyasn1 versions prior to 0.1.8
Description
The issue arises from the use of assertions in the OpenSSL backend to check response codes. When Python is run with the -O flag, these assertions are optimized away, potentially leading to undefined behavior if an invalid response code is received.
Recommendations
For OpenSSL backend versions prior to 1.0.2, update to version 1.0.2 or later.
For python-cryptography versions prior to 1.0.2, update to version 1.0.2 or later.
For python-cryptography-vectors versions prior to 1.0.2, update to version 1.0.2 or later.
For python-pyasn1 versions prior to 0.1.8, update to version 0.1.8 or later.
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Openssl
Python-Cryptography
Python-Cryptography-Vectors
Python-Pyasn1