Main Vulnerability Database Vulnerabilities #VU88199

#VU88199 Observable discrepancy in python-cryptography - CVE-2023-50782

Published: April 8, 2024

Vulnerability identifier: #VU88199

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2023-50782

CWE-ID: CWE-203

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
python-cryptography

Software vendor:
Python Cryptographic Authority

Description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

Remediation

Install updates from vendor's website.

External links

https://access.redhat.com/security/cve/CVE-2023-50782
https://bugzilla.redhat.com/show_bug.cgi?id=2254432