FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-cryptography -- tag forgery vulnerability

Affected packages
py27-cryptography < 2.3
py34-cryptography < 2.3
py35-cryptography < 2.3
py36-cryptography < 2.3
py37-cryptography < 2.3

Details

VuXML ID 9e2d0dcf-9926-11e8-a92d-0050562a4d7b
Discovery 2018-07-17
Entry 2018-08-06

The Python Cryptographic Authority (PyCA) project reports:

finalize_with_tag() allowed tag truncation by default which can allow tag forgery in some cases. The method now enforces the min_tag_length provided to the GCM constructor

References

CVE Name CVE-2018-10903