{"id":"PYSEC-2023-254","details":"cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.","aliases":["CVE-2023-49083","GHSA-jfhm-5ghh-2f97"],"modified":"2024-02-17T07:41:40.326359Z","published":"2023-11-29T19:15:00Z","references":[{"type":"ADVISORY","url":"https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97"},{"type":"FIX","url":"https://github.com/pyca/cryptography/pull/9926"},{"type":"FIX","url":"https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/"}],"affected":[{"package":{"name":"cryptography","ecosystem":"PyPI","purl":"pkg:pypi/cryptography"},"ranges":[{"type":"GIT","repo":"https://github.com/pyca/cryptography","events":[{"introduced":"0"},{"fixed":"f09c261ca10a31fe41b1262306db7f8f1da0e48a"}]},{"type":"ECOSYSTEM","events":[{"introduced":"3.1"},{"fixed":"41.0.6"}]}],"versions":["3.1","3.1.1","3.2","3.2.1","3.3","3.3.1","3.3.2","3.4","3.4.1","3.4.2","3.4.3","3.4.4","3.4.5","3.4.6","3.4.7","3.4.8","35.0.0","36.0.0","36.0.1","36.0.2","37.0.0","37.0.1","37.0.2","37.0.3","37.0.4","38.0.0","38.0.1","38.0.2","38.0.3","38.0.4","39.0.0","39.0.1","39.0.2","40.0.0","40.0.1","40.0.2","41.0.0","41.0.1","41.0.2","41.0.3","41.0.4","41.0.5"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/cryptography/PYSEC-2023-254.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}