CVE-2023-50782

CWE-203 CWE-208 CWE-38512 documents8 sources

Severity

7.5HIGH

EPSS

0.9%

top 25.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cryptography.io Cryptography Couchbase Couchbase Server Redhat Ansible Automation Platform +2 more

Timeline

PublishedFeb 5

Latest updateMar 14

Description

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

▶Debianpython-cryptography< 42.0.5-1+1

▶Ubuntupython-cryptography< 2.8-3ubuntu0.3+3

▶PyPIcryptography< 42.0.0

▶NVDcryptography.io/cryptography< 42.0.0

▶NVDcouchbase/couchbase_server7.6.0, 7.6.1+1

Also affects: Enterprise Linux 8.0, 9.0

🔴Vulnerability Details

OSV

python-cryptography vulnerability↗2024-03-14

▶

OSV

python-cryptography vulnerabilities↗2024-03-04

▶

OSV

CVE-2023-50782: A flaw was found in the python-cryptography package↗2024-02-05

▶

GHSA

Python Cryptography package vulnerable to Bleichenbacher timing oracle attack↗2024-02-05

▶

CVEList

Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659↗2024-02-05

▶

📋Vendor Advisories

Ubuntu

python-cryptography vulnerability↗2024-03-14

▶

Ubuntu

python-cryptography vulnerabilities↗2024-03-04

▶

Microsoft

Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659↗2024-02-13

▶

Red Hat

python-cryptography: Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659↗2023-12-13

▶

Debian

CVE-2023-50782: python-cryptography - A flaw was found in the python-cryptography package. This issue may allow a remo...↗2023

▶