PT-2023-4923 · Pypi+2 · Cryptography+2

Lkubb · Published 2023-07-14 · Updated 2024-09-18 · CVE-2023-38325

CVSS v4.0 · 8.7 · High

Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

cryptography package versions prior to 41.0.2

Description

The issue is related to errors in the certificate authentication procedure, which can be exploited by a remote attacker to perform a man-in-the-middle attack. The problem arises from the mishandling of SSH certificates that have critical options.

Recommendations

For versions prior to 41.0.2, update to version 41.0.2 or later to resolve the issue.

Exploit

Fix

Weakness Enumeration

Improper Certificate Validation

Related Identifiers

ALT-PU-2023-8071
ALT-PU-2023-8444
ALT-PU-2024-9926
BDU:2023-05436
CVE-2023-38325
GHSA-CF7P-GM2M-833M
OPENSUSE-SU-2024:13078-1
PYSEC-2023-112

Affected Products

Alt Linux
Red Os
Cryptography