CVE-2020-36242 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	No
Type	Incorrect calculation
Description	In python-cryptography before version 3.3.2, certain sequences of update calls to symmetrically encrypt multiple gigabytes of data could result in an integer overflow, leading to mishandling of buffers.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-1583	python2-cryptography	3.3.1-1	3.3.2-1	Medium	Fixed
AVG-1541	python-cryptography	3.3.1-1	3.4-1	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
27 Feb 2021	ASA-202102-36	AVG-1541	python-cryptography	Medium	incorrect calculation

References
https://github.com/pyca/cryptography/security/advisories/GHSA-rhm9-p9w5-fwm7 https://github.com/pyca/cryptography/issues/5615 https://github.com/pyca/cryptography/pull/5747 https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae

References

https://github.com/pyca/cryptography/security/advisories/GHSA-rhm9-p9w5-fwm7
https://github.com/pyca/cryptography/issues/5615
https://github.com/pyca/cryptography/pull/5747
https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae