cryptography NULL pointer dereference with pkcs12.serialize_key_and_certificates when called with a non-matching certificate and private key and an hmac_hash override

High severity GitHub Reviewed Published Feb 21, 2024 in pyca/cryptography • Updated Feb 21, 2024

Package

pip cryptography (pip)

Affected versions

>= 38.0.0, < 42.0.4

Patched versions

42.0.4

Description

If pkcs12.serialize_key_and_certificates is called with both:

  1. A certificate whose public key does not match the provided private key
  2. An encryption_algorithm with hmac_hash set (via PrivateFormat.PKCS12.encryption_builder().hmac_hash(...))

Then a NULL pointer dereference would occur, crashing the Python process.

This has been resolved, and now a ValueError is properly raised.

Patched in pyca/cryptography#10423

References

@alex alex published to pyca/cryptography Feb 21, 2024
Published by the National Vulnerability Database Feb 21, 2024
Published to the GitHub Advisory Database Feb 21, 2024
Reviewed Feb 21, 2024
Last updated Feb 21, 2024

Severity

High
7.5
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
None
User interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Weaknesses

CVE ID

CVE-2024-26130

GHSA ID

GHSA-6vqw-3v5j-54x4

Source code

Credits
