 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2024-26130 |
| Description: | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.856269 1.3.6.1.4.1.25623.1.1.12.2024.6673.3 1.3.6.1.4.1.25623.1.0.833862 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2024-26130 https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55 https://github.com/pyca/cryptography/pull/10423 https://github.com/pyca/cryptography/pull/10423 https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4 https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4 |