{"id":"CVE-2018-10903","details":"A flaw was found in python-cryptography versions \u003e=1.9.0 and \u003c2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag, an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.","aliases":["GHSA-fcf9-3qw3-gxmj","PYSEC-2018-52"],"modified":"2026-03-19T02:50:29.337759Z","published":"2018-07-30T16:29:00.283Z","related":["MGASA-2018-0429","SUSE-SU-2018:3392-1","SUSE-SU-2018:3553-1","SUSE-SU-2020:0790-1","SUSE-SU-2020:0792-1","SUSE-SU-2022:4044-1"],"references":[{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2018:3600"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3720-1/"},{"type":"FIX","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903"},{"type":"FIX","url":"https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pyca/cryptography","events":[{"introduced":"0"},{"fixed":"0a846e294806478770469219a26cd49dcb5502d7"}],"database_specific":{"versions":[{"introduced":"1.9.0"},{"fixed":"2.3"}]}}],"versions":["0.1","0.2","0.3","0.4","0.5","0.5.1","0.6","0.7","0.8","0.9","1.0","1.1","1.2","1.3","1.4","1.5","1.6","1.7","1.8","1.9","2.0","2.1","2.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-10903.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"13"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}