{"id":"AZL-32051","summary":"CVE-2023-49083 affecting package python-cryptography for versions less than 3.3.2-6","details":"cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Calling `load_pem_pkcs7_certificates` or `load_der_pkcs7_certificates` could lead to a NULL-pointer dereference and segfault. Exploitation of this vulnerability poses a serious risk of Denial of Service (DoS) for any application attempting to deserialize a PKCS7 blob/certificate. The consequences extend to potential disruptions in system availability and stability. This vulnerability has been patched in version 41.0.6.","modified":"2026-04-01T05:08:33.695640Z","published":"2023-11-29T19:15:07Z","upstream":["CVE-2023-49083"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-49083"}],"affected":[{"package":{"name":"python-cryptography","ecosystem":"Azure Linux:2","purl":"pkg:rpm/azure-linux/python-cryptography"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.3.2-6"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-32051.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}