Nixpkgs Security Tracker

Login with GitHub

Suggestions search

Untriaged
Filter by:
With package: python312Packages.cryptography

Found 3 matching suggestions

View:
Compact
Detailed
Permalink CVE-2025-3416
3.7 LOW
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): NONE
  • Integrity impact (I): NONE
  • Availability impact (A): LOW
created 6 months, 1 week ago
Openssl: rust-openssl use-after-free in `md::fetch` and `cipher::fetch`

A flaw was found in OpenSSL's handling of the properties argument in certain functions. This vulnerability can allow use-after-free exploitation, which may result in undefined behavior or incorrect property parsing, leading to OpenSSL treating the input as an empty string.

References

Affected products

gjs
polkit
firefox
mozjs60
openssl
rpm-ostree
389-ds-base
rust-bootupd
rust-openssl
  • <0.10.72
mingw-openssl
kata-containers
keylime-agent-rust
rhtas/tuffer-rhel9
rhtas/tuftool-rhel9
389-ds:1.4/389-ds-base
firefox:flatpak/firefox
python3.12-cryptography
redhat-ds:11/389-ds-base
redhat-ds:12/389-ds-base
rhtpa/rhtpa-trustification-service-rhel9

Matching in nixpkgs

pkgs.gjs

JavaScript bindings for GNOME

  • nixos-unstable -

pkgs.polkit

Toolkit for defining and handling the policy that allows unprivileged processes to speak to privileged processes

  • nixos-unstable -

pkgs.openssl

Cryptographic library that implements the SSL and TLS protocols

  • nixos-unstable -

pkgs.xulrunner

Web browser built from Firefox source tree

pkgs.cmd-polkit

Easily create polkit authentication agents by using commands

  • nixos-unstable -

pkgs.firefoxpwa

Tool to install, manage and use Progressive Web Apps (PWAs) in Mozilla Firefox (native component)

  • nixos-unstable -

pkgs.rpm-ostree

Hybrid image/package system. It uses OSTree as an image format, and uses RPM as a component model

  • nixos-unstable -

pkgs.openssl_1_1

Cryptographic library that implements the SSL and TLS protocols

  • nixos-unstable -

pkgs.openssl_3_0

Cryptographic library that implements the SSL and TLS protocols

  • nixos-unstable -

pkgs.openssl_3_5

Cryptographic library that implements the SSL and TLS protocols

  • nixos-unstable -

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux

  • nixos-unstable -

pkgs.polkit_gnome

Dbus session bus service that is used to bring up authentication dialogs

  • nixos-unstable -

pkgs.tpm2-openssl

OpenSSL Provider for TPM2 integration

  • nixos-unstable -

pkgs.faust2firefox

The faust2firefox script, part of faust functional programming language for realtime audio signal processing

  • nixos-unstable -

pkgs.openssl_legacy

Cryptographic library that implements the SSL and TLS protocols

  • nixos-unstable -

pkgs.firefox_decrypt

Tool to extract passwords from profiles of Mozilla Firefox and derivates

  • nixos-unstable -

pkgs.firefox-sync-client

Commandline-utility to list/view/edit/delete entries in a firefox-sync account

  • nixos-unstable -

Package maintainers

Permalink CVE-2024-9979
5.3 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): LOCAL
  • Attack complexity (AC): LOW
  • Privileges required (PR): LOW
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): LOW
  • Integrity impact (I): LOW
  • Availability impact (A): LOW
created 6 months, 1 week ago
Pyo3: risk of use-after-free in `borrowed` reads from python weak references

A flaw was found in PyO3. This vulnerability causes a use-after-free issue, potentially leading to memory corruption or crashes via unsound borrowing from weak Python references.

References

Affected products

pyo3
  • <0.22.4
python-rpds-py
python3.11-nh3
python3.11-rpds-py
python3.11-cryptography
python3.12-cryptography

Matching in nixpkgs

Package maintainers

Permalink CVE-2024-3296
5.9 MEDIUM
  • CVSS version: 3.1
  • Attack vector (AV): NETWORK
  • Attack complexity (AC): HIGH
  • Privileges required (PR): NONE
  • User interaction (UI): NONE
  • Scope (S): UNCHANGED
  • Confidentiality impact (C): HIGH
  • Integrity impact (I): NONE
  • Availability impact (A): NONE
created 6 months, 1 week ago
Rust-openssl: timing based side-channel can lead to a bleichenbacher style attack

A timing-based side-channel exists in the rust-openssl package, which could be sufficient to recover a plaintext across a network in a Bleichenbacher-style attack. To achieve successful decryption, an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode.

References

Affected products

bootc
upstream
389-ds-base
rust-bootupd
rust-openssl
  • *
rust-zincati
keylime-agent-rust
389-ds:1.4/389-ds-base
python3.12-cryptography
389-directory-server:next/389-ds-base
389-directory-server:stable/389-ds-base
389-directory-server:testing/389-ds-base

Matching in nixpkgs

pkgs.bootc

Boot and upgrade via container images

  • nixos-unstable -

pkgs._389-ds-base

Enterprise-class Open Source LDAP server for Linux

  • nixos-unstable -

pkgs.podman-bootc

Streamlining podman+bootc interactions

  • nixos-unstable -

Package maintainers