—

PYSEC-2021-63

상세

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.

이 버전이 영향받나요?

사용 중인 패키지 버전을 입력하면 즉시 평가합니다.

영향 패키지

PyPI / cryptography

최초 영향 버전: 3.1 수정 버전: 3.3.2

수정 pip install --upgrade 'cryptography>=3.3.2'

참고

https://github.com/pyca/cryptography/issues/5615 [REPORT]
https://github.com/pyca/cryptography/blob/master/CHANGELOG.rst [WEB]
https://github.com/pyca/cryptography/compare/3.3.1...3.3.2 [WEB]
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L7RGQLK4J5ZQFRLKCHVVG6BKZTUQMG7E/ [WEB]
https://github.com/advisories/GHSA-rhm9-p9w5-fwm7 [ADVISORY]