Analysis

pypa · Feb 6, 2025 · 7262255 · 7262255
1 parent 68b03bc
commit 7262255
Show file tree

Hide file tree

Showing 2 changed files with 443 additions and 45 deletions.
diff --git a/vulns/cryptography/PYSEC-0000-CVE-2024-26130.yaml b/vulns/cryptography/PYSEC-0000-CVE-2024-26130.yaml
@@ -1,7 +1,4 @@
 id: PYSEC-0000-CVE-2024-26130
-severity:
-- type: CVSS_V3
-  score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
 details: cryptography is a package designed to expose cryptographic primitives and
   recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4,
   if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose
@@ -10,6 +7,22 @@ details: cryptography is a package designed to expose cryptographic primitives a
   then a NULL pointer dereference would occur, crashing the Python process. This has
   been resolved in version 42.0.4, the first version in which a `ValueError` is properly
   raised.
+aliases:
+- CVE-2024-26130
+modified: '2025-02-06T00:34:24.427679Z'
+published: '2024-02-21T17:15:09Z'
+related:
+- GHSA-6vqw-3v5j-54x4
+- GHSA-6vqw-3v5j-54x4
+references:
+- type: ADVISORY
+  url: https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4
+- type: FIX
+  url: https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55
+- type: FIX
+  url: https://github.com/pyca/cryptography/pull/10423
+- type: REPORT
+  url: https://github.com/pyca/cryptography/pull/10423
 affected:
 - package:
     name: cryptography
@@ -19,26 +32,37 @@ affected:
   - type: GIT
     repo: https://github.com/pyca/cryptography
     events:
-    - introduced: "0"
+    - introduced: '0'
     - fixed: 97d231672763cdb5959a3b191e692a362f1b9e55
     - fixed: 97d231672763cdb5959a3b191e692a362f1b9e55
   - type: ECOSYSTEM
     events:
     - introduced: 38.0.0
     - fixed: 42.0.4
-references:
-- type: ADVISORY
-  url: https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4
-- type: FIX
-  url: https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55
-- type: FIX
-  url: https://github.com/pyca/cryptography/pull/10423
-- type: REPORT
-  url: https://github.com/pyca/cryptography/pull/10423
-aliases:
-- CVE-2024-26130
-related:
-- GHSA-6vqw-3v5j-54x4
-- GHSA-6vqw-3v5j-54x4
-modified: "2025-02-05T22:09:20Z"
-published: "2024-02-21T17:15:09Z"
+  versions:
+  - 38.0.0
+  - 38.0.1
+  - 38.0.2
+  - 38.0.3
+  - 38.0.4
+  - 39.0.0
+  - 39.0.1
+  - 39.0.2
+  - 40.0.0
+  - 40.0.1
+  - 40.0.2
+  - 41.0.0
+  - 41.0.1
+  - 41.0.2
+  - 41.0.3
+  - 41.0.4
+  - 41.0.5
+  - 41.0.6
+  - 41.0.7
+  - 42.0.0
+  - 42.0.1
+  - 42.0.2
+  - 42.0.3
+severity:
+- type: CVSS_V3
+  score: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H