PYSEC-2023-11

See a problem?

Import Source

https://github.com/pypa/advisory-database/blob/main/vulns/cryptography/PYSEC-2023-11.yaml

JSON Data

https://api.test.osv.dev/v1/vulns/PYSEC-2023-11

Aliases

Published

2023-02-07T21:15:00Z

Modified

2026-02-20T08:11:22.557733Z

Summary

[none]

Details

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into was originally introduced in cryptography 1.8.

References

Affected packages

PyPI / cryptography

Package

Name: cryptography; View open source insights on deps.dev
Purl: pkg:pypi/cryptography

Affected ranges

Type: GIT
Repo: https://github.com/pyca/cryptography
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

94a50a9731f35405f0357fa5f3b177d46a726ab3

Type: ECOSYSTEM
Events: Introduced

1.8

Fixed

39.0.1

Affected versions

1.*

1.8

1.8.1

1.8.2

1.9

2.*

2.0

2.0.1

2.0.2

2.0.3

2.1

2.1.1

2.1.2

2.1.3

2.1.4

2.2

2.2.1

2.2.2

2.3

2.3.1

2.4

2.4.1

2.4.2

2.5

2.6

2.6.1

2.7

2.8

2.9

2.9.1

2.9.2

3.*

3.0

3.1

3.1.1

3.2

3.2.1

3.3

3.3.1

3.3.2

3.4

3.4.1

3.4.2

3.4.3

3.4.4

3.4.5

3.4.6

3.4.7

3.4.8

35.*

35.0.0

36.*

36.0.0

36.0.1

36.0.2

37.*

37.0.0

37.0.1

37.0.2

37.0.3

37.0.4

38.*

38.0.0

38.0.1

38.0.2

38.0.3

38.0.4

39.*

39.0.0

Database specific

source

"https://github.com/pypa/advisory-database/blob/main/vulns/cryptography/PYSEC-2023-11.yaml"