CVE-2023-50782
Published: December 14, 2023Last modified: July 22, 2025
Description
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
Severity score breakdown
| Parameter | Value |
|---|---|
| Base score | 7.5 |
| Attack Vector | NETWORK |
| Attack complexity | LOW |
| Privileges required | NONE |
| User interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality | HIGH |
| Integrity impact | NONE |
| Availability impact | NONE |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Notes
The fix in openssl (libcrypto3) package.
Status
| Product | Release | Package | Status |
|---|---|---|---|
| Alpaquita Linux | 23 LTS | openssl | Fixed (3.0.12-r5) |
| py3-cryptography | Will not fix (38.0.3-r1) | ||
| Stream | openssl | Fixed (3.1.5-r6) | |
| py3-cryptography | Will not fix (39.0.2-r0) | ||
| Hardened Containers | 23 LTS | openssl | Fixed (3.0.12-r5) |
| Stream | openssl | Fixed (3.1.5-r6) |