CVE-2020-36242 log

Source
Severity Medium
Remote No
Type Incorrect calculation
Description
In python-cryptography before version 3.3.2, certain sequences of update calls to symmetrically encrypt multiple gigabytes of data could result in an integer overflow, leading to mishandling of buffers.
Group Package Affected Fixed Severity Status Ticket
AVG-1583 python2-cryptography 3.3.1-1 Medium Vulnerable
AVG-1541 python-cryptography 3.3.1-1 3.4-1 Medium Fixed
References
https://github.com/pyca/cryptography/security/advisories/GHSA-rhm9-p9w5-fwm7
https://github.com/pyca/cryptography/issues/5615
https://github.com/pyca/cryptography/pull/5747
https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae