cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.
History

Fri, 11 Oct 2024 15:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat satellite
Redhat satellite Capsule
CPEs cpe:/a:redhat:satellite:6.15::el8
cpe:/a:redhat:satellite_capsule:6.15::el8
Vendors & Products Redhat satellite
Redhat satellite Capsule

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-02-21T16:28:18.632Z

Updated: 2024-08-14T20:01:52.628Z

Reserved: 2024-02-14T17:40:03.687Z

Link: CVE-2024-26130

cve-icon Vulnrichment

Updated: 2024-08-01T23:59:32.542Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2024-02-21T17:15:09.863

Modified: 2024-02-22T19:07:27.197

Link: CVE-2024-26130

cve-icon Redhat

Severity : Important

Publid Date: 2024-02-21T00:00:00Z

Links: CVE-2024-26130 - Bugzilla