1. CVE-Search
  2. CVE-2020-36242
ID CVE-2020-36242
Summary In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.
References
Vulnerable Configurations
  • cpe:2.3:a:cryptography_project:cryptography:0.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.2.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.2.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.2.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.2.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.3:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.3:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.4:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.4:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.5:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.5:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.5.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.5.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.5.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.5.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.5.3:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.5.3:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.5.4:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.5.4:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.6:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.6:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.6.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.6.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.7:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.7:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.7.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.7.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.7.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.7.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.8:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.8:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.8.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.8.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.8.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.8.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.9:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.9:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.9.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.9.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.9.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.9.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:0.9.3:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:0.9.3:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.0:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.0:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.0.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.0.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.0.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.0.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.1.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.1.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.1.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.1.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.2.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.2.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.2.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.2.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.2.3:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.2.3:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.3:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.3:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.3.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.3.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.3.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.3.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.3.3:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.3.3:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.3.4:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.3.4:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.4:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.4:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.5:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.5:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.5.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.5.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.5.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.5.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.5.3:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.5.3:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.6:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.6:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.7:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.7:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.7.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.7.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.7.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.7.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.8:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.8:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.8.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.8.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.8.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.8.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:1.9:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:1.9:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.0:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.0:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.0.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.0.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.0.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.0.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.0.3:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.0.3:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.1.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.1.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.1.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.1.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.1.3:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.1.3:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.1.4:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.1.4:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.2.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.2.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.2.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.2.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.3:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.3:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.3.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.3.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.4:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.4:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.4.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.4.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.4.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.4.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.5:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.5:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.6:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.6:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.6.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.6.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.7:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.7:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.8:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.8:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.9:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.9:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.9.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.9.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:2.9.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:2.9.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:3.0:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:3.0:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:3.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:3.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:3.1.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:3.1.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:3.2:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:3.2:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:3.2.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:3.2.1:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:3.3:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:3.3:*:*:*:*:python:*:*
  • cpe:2.3:a:cryptography_project:cryptography:3.3.1:*:*:*:*:python:*:*
    cpe:2.3:a:cryptography_project:cryptography:3.3.1:*:*:*:*:python:*:*
  • cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
  • cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
    cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*
CVSS
Base: 6.4 (as of 06-12-2022 - 21:52)
Impact:
Exploitability:
CWE CWE-190
CAPEC
  • Forced Integer Overflow
    This attack forces an integer variable to go out of range. The integer variable is often used as an offset such as size of memory allocation or similarly. The attacker would typically control the value of such variable and try to get it out of range. For instance the integer in question is incremented past the maximum possible value, it may wrap to become a very small, or negative number, therefore providing a very incorrect value which can lead to unexpected behavior. At worst the attacker can execute arbitrary code.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:P
Last major update 06-12-2022 - 21:52
Published 07-02-2021 - 20:15
Last modified 06-12-2022 - 21:52
Back to Top