CVE-2024-26130

Published: 21 February 2024

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key does not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`), a NULL pointer dereference occurs, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.

Priority

Medium

Status

| Package | Release | Status |
|---|---|---|
| python-cryptography | bionic | Not vulnerable (2.1.4-1ubuntu1.4) |
| | focal | Not vulnerable (2.8-3ubuntu0.2) |
| | jammy | Not vulnerable (3.4.8-1ubuntu2.1) |
| | mantic | Released (38.0.4-4ubuntu0.23.10.2) |
| | trusty | Does not exist |
| | upstream | Needs triage |
| | xenial | Not vulnerable (1.2.3-1ubuntu0.3) |