PYSEC-2021-63

Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/cryptography/PYSEC-2021-63.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2021-63
Aliases
Published
2021-02-07T20:15:00Z
Modified
2023-11-01T05:30:39.470651Z
Summary
[none]
Details

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.

References

Affected packages

PyPI / cryptography

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
3.1
Fixed
3.3.2

Affected versions

3.*

3.1
3.1.1
3.2
3.2.1
3.3
3.3.1