CVE-2023-50782

Observable Timing Discrepancy in pypi/cryptography

Identifiers

GHSA-3ww4-gg4f-jr7f, CVE-2023-50782

Package Slug

pypi/cryptography

Vulnerability

Observable Timing Discrepancy

Description

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Affected Versions

All versions before 42.0.0

Solution

Upgrade to version 42.0.0 or above.

Last Modified

2024-02-06
