CVE-2024-26130
CVSS 3.1 Score 7.5 of 10 (high)
Details
Published Feb 21, 2024
Updated: Feb 22, 2024
CWE ID 476
Summary
CVE-2024-26130 is a vulnerability affecting the Python `cryptography` package in versions between 38.0.0 and 41.9.3. If `pkcs12.serialize_key_and_certificates` is called with a certificate whose public key does not match the supplied private key, together with an encryption algorithm that has `hmac_hash` set, a NULL pointer dereference results, potentially crashing the Python process. The issue is resolved in version 42.0.4, where a `ValueError` is raised instead.
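The following added example (not code from this advisory or from the cryptography project) flags exact `cryptography` pins below the fixed 42.0.4 in a requirements list and shows a pre-flight check that a private key matches a certificate before PKCS#12 serialization. The function names, the sample pins, and the choice to treat every version from 38.0.0 up to, but not including, 42.0.4 as affected are assumptions.

```python
import re

FIRST_AFFECTED = (38, 0, 0)  # lower bound stated in the summary
FIXED = (42, 0, 4)           # release that raises ValueError instead of crashing

# Exact pins only: "cryptography==X.Y[.Z]", optionally with extras such as [ssh].
_PIN = re.compile(
    r"^\s*cryptography(?:\[[^\]]*\])?\s*==\s*(\d+)\.(\d+)(?:\.(\d+))?",
    re.IGNORECASE,
)

def affected_pins(requirement_lines):
    """Return (line_number, version) for each cryptography pin in the assumed affected range."""
    hits = []
    for number, line in enumerate(requirement_lines, 1):
        match = _PIN.match(line)
        if not match:
            continue
        version = tuple(int(part or 0) for part in match.groups())
        if FIRST_AFFECTED <= version < FIXED:
            hits.append((number, ".".join(str(part) for part in version)))
    return hits

def key_matches_certificate(private_key, certificate):
    """True when the certificate's public key belongs to private_key.

    Callers on an unpatched version can refuse to serialize when this is False,
    which mirrors the ValueError that 42.0.4 raises on its own.
    """
    # Imported lazily so the pin audit above works without cryptography installed.
    from cryptography.hazmat.primitives.serialization import Encoding, PublicFormat

    def spki(public_key):
        return public_key.public_bytes(Encoding.DER, PublicFormat.SubjectPublicKeyInfo)

    return spki(private_key.public_key()) == spki(certificate.public_key())

# Constructed sample input, not taken from any real project.
SAMPLE_REQUIREMENTS = [
    "requests==2.31.0",
    "cryptography==41.0.7  # constructed pin",
    "cryptography==42.0.4",
    "Cryptography == 38.0",
    "cryptography-vectors==41.0.7",
]

if __name__ == "__main__":
    for number, version in affected_pins(SAMPLE_REQUIREMENTS):
        print(f"line {number}: cryptography {version} is below the fixed 42.0.4")
```

The audit only reads exact `==` pins; range specifiers and lockfile hashes need a resolver to evaluate.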