QwikSec

Security Database

CVE

CWE

Training

CVE-2023-49083

Published: Nov 29, 2023

Modified: Dec 18, 2025

PUBLISHED

CVSS v3.1

5.9

MEDIUM

Description

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.

Vendor	Product	Versions
pyca	cryptography	affected `>= 3.1, < 41.0.6`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

References

https://github.com/pyca/cryptography/security/advisories/GHSA-jfhm-5ghh-2f97

x_refsource_CONFIRM

https://github.com/pyca/cryptography/pull/9926

x_refsource_MISC

https://github.com/pyca/cryptography/commit/f09c261ca10a31fe41b1262306db7f8f1da0e48a

x_refsource_MISC

https://lists.fedoraproject.org/archives/list/[email protected]/message/QMNTYMUGFJSDBYBU22FUYBHFRZODRKXV/

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.