Untriaged
pyOpenSSL DTLS cookie callback buffer overflow
pyOpenSSL is a Python wrapper around the OpenSSL library. Starting in version 22.0.0 and prior to version 26.0.0, if a user-provided callback to `set_cookie_generate_callback` returned a cookie value greater than 256 bytes, pyOpenSSL would overflow an OpenSSL-provided buffer. Starting in version 26.0.0, cookie values that are too long are rejected.
References
- https://github.com/pyca/pyopenssl/security/advisories/GHSA-5pwr-322w-8jr4 x_refsource_CONFIRM
- https://github.com/pyca/pyopenssl/commit/57f09bb4bb051d3bc2a1abd36e9525313d5cd408 x_refsource_MISC
- https://github.com/pyca/pyopenssl/blob/358cbf29c4e364c59930e53a270116249581eaa3/CHANGELOG.rst x_refsource_MISC
Affected products
pyopenssl
- >= 22.0.0, < 26.0.0
Matching in nixpkgs
pkgs.python312Packages.pyopenssl
Python wrapper around the OpenSSL library
pkgs.python313Packages.pyopenssl
Python wrapper around the OpenSSL library
pkgs.python314Packages.pyopenssl
Python wrapper around the OpenSSL library
pkgs.python312Packages.types-pyopenssl
Typing stubs for pyopenssl
- nixos-25.11 24.1.0.20240722
- nixos-25.11-small 24.1.0.20240722
- nixpkgs-25.11-darwin 24.1.0.20240722
pkgs.python313Packages.types-pyopenssl
Typing stubs for pyopenssl
- nixos-unstable 24.1.0.20240722
- nixpkgs-unstable 24.1.0.20240722
- nixos-unstable-small 24.1.0.20240722
- nixos-25.11 24.1.0.20240722
- nixos-25.11-small 24.1.0.20240722
- nixpkgs-25.11-darwin 24.1.0.20240722
pkgs.python314Packages.types-pyopenssl
Typing stubs for pyopenssl
- nixos-unstable 24.1.0.20240722
- nixpkgs-unstable 24.1.0.20240722
- nixos-unstable-small 24.1.0.20240722
Package maintainers
- @gador Florian Brandes <florian.brandes@posteo.de>