Symmetrically encrypting large values can lead to integer overflow

Moderate
alex published GHSA-rhm9-p9w5-fwm7 Feb 7, 2021

Package

cryptography (pypi)

Affected versions

>3.1

Patched versions

3.3.2+

Description

Impact

When certain sequences of update() calls with large values (multiple GBs) occur during symmetric encryption or decryption, an integer overflow can happen, leading to mishandling of buffers.

Patches

This is patched in version 3.3.2 and newer.
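As an added example (not code from the advisory or from the cryptography project), the following checks an installed version against the affected range stated above and shows a defense-in-depth wrapper that never hands a multi-GB buffer to a single update() call; the 64 MiB chunk size, the helper names, and the assumption that bounding each call's input keeps callers away from the inputs the advisory describes are all this example's own, and upgrading to 3.3.2+ remains the actual fix.

```python
import io
import re

# Version bounds from the advisory text: affected >3.1, patched in 3.3.2+.
AFFECTED_AFTER = (3, 1, 0)
PATCHED_FROM = (3, 3, 2)
# Cap on bytes handed to one update() call. 64 MiB is an assumption for this
# example, chosen to stay far below the multi-GB inputs the advisory names.
DEFAULT_CHUNK = 64 * 1024 * 1024

def parse_version(version):
    """Turn '3.3.2', '3.1' or '3.3.2.post1' into a comparable 3-tuple of ints."""
    nums = []
    for piece in version.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        nums.append(int(m.group()))
    return tuple((nums + [0, 0, 0])[:3])

def is_affected(version):
    """True when this cryptography version lies inside the advisory's range."""
    return AFFECTED_AFTER < parse_version(version) < PATCHED_FROM

def guarded_update(update, data, limit=DEFAULT_CHUNK):
    """Refuse to hand an oversized buffer to update() rather than risk it."""
    if len(data) > limit:
        raise ValueError(f"update() input of {len(data)} bytes exceeds {limit}")
    return update(data)

def chunked_update(update, source, chunk_size=DEFAULT_CHUNK):
    """Stream a large input through update() in bounded pieces.

    `update` can be e.g. Cipher(...).encryptor().update from cryptography;
    the caller still calls finalize() after the generator is exhausted.
    """
    if chunk_size <= 0:
        raise ValueError("chunk_size must be positive")
    stream = io.BytesIO(source) if isinstance(source, (bytes, bytearray)) else source
    while True:
        block = stream.read(chunk_size)
        if not block:
            return
        out = guarded_update(update, block, chunk_size)
        if out:  # update() may return fewer bytes than it was given
            yield out
```

Running `is_affected(cryptography.__version__)` at startup is a cheap way to fail loudly on a vulnerable install before any large buffers are processed.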

References

Severity

Moderate

CVE ID

CVE-2020-36242

Weaknesses

No CWEs