CVE-2023-50782
published 2024-02-05CVE-2023-50782: A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key…
high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| couchbase | couchbase_server | — | — |
| couchbase | couchbase_server | — | — |
| cryptography.io | cryptography | < 42.0.0 | 42.0.0 |
| cryptography.io | cryptography | >= 0 < 42.0.0 | 42.0.0 |
| debian | python-cryptography | < python-cryptography 42.0.5-1 (forky) | python-cryptography 42.0.5-1 (forky) |
| msrc | azl3_python-cryptography_3.3.2-5_on_azure_linux_3.0 | — | — |
| msrc | azl3_python-cryptography_42.0.5-1_on_azure_linux_3.0 | — | — |
| msrc | azure_linux_3.0_arm | — | — |
| msrc | azure_linux_3.0_x64 | — | — |
| msrc | cbl2_python-cryptography_3.3.2-7_on_cbl_mariner_2.0 | — | — |
| paloalto | pan-os | — | — |
| redhat | ansible_automation_platform | — | — |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
| redhat | update_infrastructure | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
osv7.5HIGH