CVE-2020-36242
pypi/cryptography
Integer Overflow or Wraparound
In the cryptography package for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
All versions before 3.3.2
Upgrade to version 3.3.2 or above.
2021-02-10
source |