CVE-2023-37920

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-37920
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-37920.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-37920
Published
2023-07-25T21:15:10Z
Modified
2024-10-19T16:45:54.390611Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
[none]
Details

Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store.

Affected packages

Alpine:v3.18 / py3-certifi

Package

Name
py3-certifi
Purl
pkg:apk/alpine/py3-certifi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
2023.7.22-r0

Affected versions

14.*

14.05.14-r0

2015.*

2015.04.28-r0
2015.9.6.2-r0
2015.11.20-r0

2016.*

2016.9.26-r0
2016.9.26-r1

2017.*

2017.4.17-r0
2017.7.27.1-r0
2017.7.27.1-r1

2018.*

2018.4.16-r0

2019.*

2019.3.9-r0
2019.6.16-r0
2019.9.11-r0
2019.9.11-r1
2019.9.11-r2
2019.11.28-r0

2020.*

2020.4.5.1-r0
2020.4.5.2-r0
2020.6.20-r0
2020.6.20-r1
2020.6.20-r2
2020.12.5-r0
2020.12.5-r1
2020.12.5-r2

2021.*

2021.10.8-r0

2022.*

2022.6.15-r0
2022.9.24-r0
2022.9.24-r1
2022.12.7-r0
2022.12.7-r1
2022.12.7-r2

2023.*

2023.5.7-r0

Debian:11 / python-certifi

Package

Name
python-certifi
Purl
pkg:deb/debian/python-certifi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

2020.*

2020.6.20-1

2022.*

2022.6.15-2
2022.9.24-1

2023.*

2023.7.22-1
2023.11.17-1

2024.*

2024.6.2-1
2024.8.30-1
2024.8.30+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / python-certifi

Package

Name
python-certifi
Purl
pkg:deb/debian/python-certifi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

2022.*

2022.9.24-1

2023.*

2023.7.22-1
2023.11.17-1

2024.*

2024.6.2-1
2024.8.30-1
2024.8.30+dfsg-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / python-certifi

Package

Name
python-certifi
Purl
pkg:deb/debian/python-certifi?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
2023.7.22-1

Affected versions

2022.*

2022.9.24-1

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/certifi/python-certifi

Affected ranges

Type
GIT
Repo
https://github.com/certifi/python-certifi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2015.*

2015.04.28
2015.09.06
2015.09.06.1
2015.09.06.2
2015.11.20
2015.11.20.1

2016.*

2016.02.28
2016.08.02
2016.08.08
2016.08.31
2016.09.26

2017.*

2017.01.23
2017.04.17
2017.07.27
2017.07.27.1
2017.11.05

2018.*

2018.01.18
2018.04.16
2018.08.13
2018.08.24
2018.10.15
2018.11.29

2019.*

2019.03.09
2019.06.16
2019.09.11
2019.11.28

2020.*

2020.04.05
2020.04.05.1
2020.04.05.2
2020.06.20
2020.11.08
2020.12.05

2021.*

2021.05.30
2021.10.08

2022.*

2022.05.18
2022.05.18.1
2022.06.15
2022.06.15.1
2022.06.15.2
2022.09.14
2022.09.24
2022.12.07

2023.*

2023.05.07

v1.*

v1.0.0
v1.0.1