CVE-2023-50782

EUVD-2024-0496
A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
redhatansible_automation_platform
2.0
redhatenterprise_linux
8.0
redhatenterprise_linux
9.0
cryptography.iocryptography
𝑥
< 42.0.0
couchbasecouchbase_server
7.6.0
couchbasecouchbase_server
7.6.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-cryptography
bookworm
ignored
bookworm (security)
vulnerable
bullseye
ignored
bullseye (security)
vulnerable
buster
no-dsa
sid
43.0.0-1
fixed
trixie
43.0.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-cryptography
bionic
Fixed 2.1.4-1ubuntu1.4+esm1
released
focal
Fixed 2.8-3ubuntu0.3
released
jammy
Fixed 3.4.8-1ubuntu2.2
released
lunar
ignored
mantic
Fixed 38.0.4-4ubuntu0.23.10.2
released
noble
not-affected
trusty
ignored
xenial
Fixed 1.2.3-1ubuntu0.3+esm1
released
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
libopenssl-3-devel
suse enterprise desktop 15 SP5
3.0.8-150500.5.48.1
fixed
suse enterprise desktop 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise desktop 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise sap 15 SP5
3.0.8-150500.5.48.1
fixed
suse enterprise sap 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise sap 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise server 15 SP4
3.0.8-150400.4.69.1
fixed
suse enterprise server 15 SP5
3.0.8-150500.5.48.1
fixed
suse enterprise server 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise server 15 SP7
3.2.3-150700.3.20
fixed
libopenssl-3-fips-provider
suse enterprise desktop 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise desktop 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise sap 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise sap 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise server 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise server 15 SP7
3.2.3-150700.3.20
fixed
libopenssl-3-fips-provider-32bit
suse enterprise desktop 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise desktop 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise sap 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise sap 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise server 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise server 15 SP7
3.2.3-150700.3.20
fixed
libopenssl3
suse enterprise desktop 15 SP5
3.0.8-150500.5.48.1
fixed
suse enterprise desktop 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise desktop 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise sap 15 SP5
3.0.8-150500.5.48.1
fixed
suse enterprise sap 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise sap 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise server 15 SP4
3.0.8-150400.4.69.1
fixed
suse enterprise server 15 SP5
3.0.8-150500.5.48.1
fixed
suse enterprise server 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise server 15 SP7
3.2.3-150700.3.20
fixed
libopenssl3-32bit
suse enterprise desktop 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise desktop 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise sap 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise sap 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise server 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise server 15 SP7
3.2.3-150700.3.20
fixed
openssl-3
suse enterprise desktop 15 SP5
3.0.8-150500.5.48.1
fixed
suse enterprise desktop 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise desktop 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise sap 15 SP5
3.0.8-150500.5.48.1
fixed
suse enterprise sap 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise sap 15 SP7
3.2.3-150700.3.20
fixed
suse enterprise server 15 SP4
3.0.8-150400.4.69.1
fixed
suse enterprise server 15 SP5
3.0.8-150500.5.48.1
fixed
suse enterprise server 15 SP6
3.1.4-150600.5.21.1
fixed
suse enterprise server 15 SP7
3.2.3-150700.3.20
fixed
Common Weakness Enumeration
References
https://access.redhat.com/security/cve/CVE-2023-50782
https://bugzilla.redhat.com/show_bug.cgi?id=2254432
https://access.redhat.com/security/cve/CVE-2023-50782
https://bugzilla.redhat.com/show_bug.cgi?id=2254432
https://www.couchbase.com/alerts/