Security Vulnerability Detected
Dependency: cryptography
Criticality: CRITICAL (Score: undefined)
Vulnerability Details
Name: CVE-2020-36242
Description:
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
Metadata
"{\"vulnerabilityIdentifiers\":[\"CVE-2020-36242\"],\"published\":\"2021-02-07T20:15:12.090\",\"lastModified\":\"2024-11-21T05:29:08.287\",\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":5.2,\"weaknesses\":[\"CWE-190\",\"CWE-787\"]}"
Security Vulnerability Detected
Dependency:
cryptographyCriticality: CRITICAL (Score: undefined)
Vulnerability Details
Name: CVE-2020-36242
Description:
In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
Metadata
"{\"vulnerabilityIdentifiers\":[\"CVE-2020-36242\"],\"published\":\"2021-02-07T20:15:12.090\",\"lastModified\":\"2024-11-21T05:29:08.287\",\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H\",\"baseScore\":9.1,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":5.2,\"weaknesses\":[\"CWE-190\",\"CWE-787\"]}"