漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
N/A
Vulnerability Description
A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.
CVSS Information
N/A
Vulnerability Type
输入验证不恰当
Vulnerability Title
python-cryptography 安全漏洞
Vulnerability Description
python-cryptography是一个基于Python语言的加密标准库。 python-cryptography 1.9.0版本至2.3版本(不包括2.3版本)存在安全漏洞,该漏洞源于finalize_with_tag API没有遵守标签的最小长度值的设置。攻击者可通过构造带有较小标签的无效载荷利用该漏洞绕过MAC,泄露密钥。
CVSS Information
N/A
Vulnerability Type
N/A