Home > Vulnerability Database > CVE-2024-26130

Mend.io Vulnerability Database

CVE-2024-26130

Good to know:

Date: February 21, 2024

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if "pkcs12.serialize_key_and_certificates" is called with both a certificate whose public key did not match the provided private key and an "encryption_algorithm" with "hmac_hash" set (via "PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)", then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a "ValueError" is properly raised.

Language: Python

Severity Score

7.5

Related Resources (7)

Url: https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2024-225.yaml

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-26130

Url: https://github.com/pyca/cryptography

Url: https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55

Url: https://github.com/pyca/cryptography/pull/10423

Url: https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4

Url: https://www.mend.io/vulnerability-database/CVE-2024-26130

Severity Score

7.5

Weakness Type (CWE)

NULL Pointer Dereference

CWE-476

Top Fix

Upgrade Version

Upgrade to version cryptography - 42.0.4

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-26130

Good to know:

Date: February 21, 2024

Language: Python

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?