CVE-2020-36242 - log

CVE-2020-36242 edited at 07 Feb 2021 23:34:52
Description
- In python-cryptography before version 3.3.2, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
+ In python-cryptography before version 3.3.2, certain sequences of update calls to symmetrically encrypt multiple gigabytes of data could result in an integer overflow, leading to mishandling of buffers.
References
+ https://github.com/pyca/cryptography/security/advisories/GHSA-rhm9-p9w5-fwm7
https://github.com/pyca/cryptography/issues/5615
https://github.com/pyca/cryptography/pull/5747
https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae
CVE-2020-36242 edited at 07 Feb 2021 23:32:53
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Local
Type
- Unknown
+ Incorrect calculation
Description
+ In python-cryptography before version 3.3.2, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
References
+ https://github.com/pyca/cryptography/issues/5615
+ https://github.com/pyca/cryptography/pull/5747
+ https://github.com/pyca/cryptography/commit/82b6ce28389f0a317bc55ba2091a74b346db7cae
Notes
CVE-2020-36242 created at 07 Feb 2021 23:27:40