CVE-2020-36242

Integer Overflow or Wraparound in pypi/cryptography

Identifier

CVE-2020-36242

Package Slug

pypi/cryptography

Vulnerability

Integer Overflow or Wraparound

Description

In the cryptography package for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.

Affected Versions

All versions before 3.3.2

Solution

Upgrade to version 3.3.2 or above.

Last Modified

2021-02-10

source