SB2022111732 - SUSE update for python-cryptography, python-cryptography-vectors
Published: November 17, 2022
Security Bulletin ID
SB2022111732
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Information disclosure
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Information disclosure (CVE-ID: CVE-2018-10903)
The vulnerability allows a remote attacker to obtain potentially sensitive information.
The vulnerability exists due to due to insufficient enforcement of a minimum tag length prior to passing user-supplied input to the finalize_with_tag API. A remote attacker can send a specially crafted request that submits a malicious short tag length, trigger key leakage and access sensitive information.
Remediation
Install update from vendor's website.