This security bulletin contains one low-risk vulnerability.
1) Error Handling
EUVDB-ID: #VU72036
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2023-23931
CWE-ID: CWE-388 - Error Handling
Exploit availability: No
Description
The vulnerability allows an attacker to misuse the Python API.
The vulnerability exists due to a soundness bug within the Cipher.update_into function, which can allow immutable objects (such as bytes) to be mutated. A malicious programmer can misuse the Python API to introduce unexpected behavior into the application.
Mitigation
Update the affected package python-cryptography to the latest version.
Vulnerable software versions
SUSE Linux Enterprise Server for SAP Applications 12: SP5
SUSE Linux Enterprise Server 12: SP5
SUSE Linux Enterprise High Performance Computing 12: SP5
python-cryptography-debugsource: before 2.8-7.40.1
python3-cryptography: before 2.8-7.40.1
python3-cryptography-debuginfo: before 2.8-7.40.1
python-cryptography-debuginfo: before 2.8-7.40.1
python-cryptography: before 2.8-7.40.1
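As an added example (not part of the SUSE bulletin), the following Python checks `rpm -qa` style output against the fixed version-release 2.8-7.40.1 listed above. The comparison is a simplified form of rpm's version ordering (no epoch, tilde or caret handling), and the sample package lines are constructed.

```python
import re

FIXED = "2.8-7.40.1"  # first fixed version-release, taken from the bulletin
AFFECTED = {          # package names listed in the bulletin
    "python-cryptography", "python-cryptography-debuginfo",
    "python-cryptography-debugsource", "python3-cryptography",
    "python3-cryptography-debuginfo"}

def _segments(s):
    # rpm compares maximal runs of digits or letters; separators are ignored
    return re.findall(r"\d+|[A-Za-z]+", s)

def _cmp_part(a, b):
    sa, sb = _segments(a), _segments(b)
    for x, y in zip(sa, sb):
        if x.isdigit() and y.isdigit():
            x, y = int(x), int(y)            # numeric compare: 9 < 40
        elif x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a numeric segment sorts newer
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))  # more segments is newer

def vr_cmp(a, b):
    """Compare two 'version-release' strings; returns -1, 0 or 1."""
    (va, ra), (vb, rb) = a.rsplit("-", 1), b.rsplit("-", 1)
    return _cmp_part(va, vb) or _cmp_part(ra, rb)

def unpatched(rpm_lines):
    """Return (name, version-release) for affected packages older than FIXED."""
    hits = []
    for line in rpm_lines:
        nvr, _, _arch = line.strip().rpartition(".")  # drop the .arch suffix
        parts = nvr.rsplit("-", 2)                    # name, version, release
        if len(parts) == 3 and parts[0] in AFFECTED:
            vr = f"{parts[1]}-{parts[2]}"
            if vr_cmp(vr, FIXED) < 0:
                hits.append((parts[0], vr))
    return hits

# Constructed sample of `rpm -qa` output (name-version-release.arch)
SAMPLE = [
    "python3-cryptography-2.8-7.37.1.x86_64",
    "python-cryptography-2.8-7.40.1.x86_64",
    "python3-cryptography-debuginfo-2.8-7.9.2.x86_64",
    "python3-cffi-1.11.2-5.11.1.x86_64",
]

if __name__ == "__main__":
    print(unpatched(SAMPLE))
```

The third sample line shows why the release must be compared numerically: as a plain string, "7.9.2" would sort after "7.40.1" and the package would be missed.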
CPE2.3
External links
http://www.suse.com/support/update/announcement/2023/suse-su-20231767-1/