CVE-2023-23931: Improper Check for Unusual or Exceptional Conditions
(updated )
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In affected versions Cipher.update_into
would accept Python objects which implement the buffer protocol, but provide only immutable buffers. This would allow immutable objects (such as bytes
) to be mutated, thus violating fundamental rules of Python and resulting in corrupted output. This now correctly raises an exception. This issue has been present since update_into
was originally introduced in cryptography 1.8.
References
Detect and mitigate CVE-2023-23931 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →