Vulnerabilities > CVE-2024-26130 - NULL Pointer Dereference vulnerability in Cryptography.Io Cryptography

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

cryptography-io

CWE-476

NVD

Published: 2024-02-21

Updated: 2025-02-05

Summary

cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.

Vulnerable Configurations

Part	Description	Count
Application	Cryptography.Io Cryptography.Io Cryptography 38.0.0 Cryptography.Io Cryptography 38.0.1 Cryptography.Io Cryptography 38.0.2 Cryptography.Io Cryptography 38.0.3 Cryptography.Io Cryptography 38.0.4 Cryptography.Io Cryptography 39.0.0 Cryptography.Io Cryptography 39.0.1 Cryptography.Io Cryptography 39.0.2 Cryptography.Io Cryptography 40.0.0 Cryptography.Io Cryptography 40.0.1 Cryptography.Io Cryptography 40.0.2 Cryptography.Io Cryptography 41.0.0 Cryptography.Io Cryptography 41.0.1 Cryptography.Io Cryptography 41.0.2 Cryptography.Io Cryptography 41.0.3 Cryptography.Io Cryptography 41.0.4 Cryptography.Io Cryptography 41.0.5 Cryptography.Io Cryptography 41.0.6 Cryptography.Io Cryptography 42.0.0 Cryptography.Io Cryptography 42.0.1 Cryptography.Io Cryptography 42.0.2 Cryptography.Io Cryptography 42.0.3	22

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References