Mend.io Vulnerability Database

What is a CVE vulnerability ID? icon What is a WS vulnerability ID? icon What is an MSC vulnerability ID? icon
New vulnerability? Tell us about it!
icon

We found results for “

CVE-2023-23931

Good to know:

icon
icon

Date: February 7, 2023

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions "Cipher.update_into" would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as "bytes") to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since "update_into" was originally introduced in cryptography 1.8.

Language: Python

Severity Score

Related Resources (11)

https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2023-11.yaml
https://github.com/pyca/cryptography/pull/8230/commits/94a50a9731f35405f0357fa5f3b177d46a726ab3
https://nvd.nist.gov/vuln/detail/CVE-2023-23931
https://github.com/pyca/cryptography/security/advisories/GHSA-w7pp-m8wf-vj6r
https://github.com/pyca/cryptography/commit/d6951dca25de45abd52da51b608055371fbcde4e
https://security-tracker.debian.org/tracker/CVE-2023-23931
https://github.com/pyca/cryptography
https://security.netapp.com/advisory/ntap-20230324-0007/
https://github.com/pyca/cryptography/pull/8230
https://access.redhat.com/security/cve/CVE-2023-23931
https://www.mend.io/vulnerability-database/CVE-2023-23931

Severity Score

Weakness Type (CWE)

Improper Check for Unusual or Exceptional Conditions

CWE-754

Top Fix

icon

Upgrade Version

Upgrade to version cryptography - 39.0.1

Learn More

CVSS v3.1

Base Score:
Attack Vector (AV): NETWORK
Attack Complexity (AC): HIGH
Privileges Required (PR): NONE
User Interaction (UI): NONE
Scope (S): UNCHANGED
Confidentiality (C): NONE
Integrity (I): LOW
Availability (A): LOW

Do you need more information?

Contact Us