CVE-2020-36242 log

Source
Severity Medium
Remote No
Type Incorrect calculation
Description
In python-cryptography before version 3.3.2, certain sequences of update calls to symmetrically encrypt multiple gigabytes of data could result in an integer overflow, leading to mishandling of buffers.
Group Package Affected Fixed Severity Status Ticket
AVG-1583 python2-cryptography 3.3.1-1 3.3.2-1 Medium Fixed
AVG-1541 python-cryptography 3.3.1-1 3.4-1 Medium Fixed
Date Advisory Group Package Severity Type
27 Feb 2021 ASA-202102-36 AVG-1541 python-cryptography Medium incorrect calculation
References
https://github.com/pyca/cryptography/security/advisories/GHSA-rhm9-p9w5-fwm7
https://github.com/pyca/cryptography/issues/5615
https://github.com/pyca/cryptography/pull/5747
https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae