{"id":"CVE-2023-50782","details":"A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.","aliases":["GHSA-3ww4-gg4f-jr7f"],"modified":"2026-03-11T07:45:02.430771915Z","published":"2024-02-05T21:15:11.183Z","related":["CGA-v7vx-6v8h-88g9","MGASA-2025-0069","SUSE-SU-2024:3757-1","SUSE-SU-2024:3765-1","SUSE-SU-2024:3766-1","SUSE-SU-2024:3871-1","SUSE-SU-2024:3872-1","SUSE-SU-2024:3904-1","SUSE-SU-2024:3905-1","SUSE-SU-2024:3943-1","SUSE-SU-2025:20081-1","SUSE-SU-2025:20593-1","openSUSE-SU-2024:14416-1"],"references":[{"type":"WEB","url":"https://www.couchbase.com/alerts/"},{"type":"ADVISORY","url":"https://access.redhat.com/security/cve/CVE-2023-50782"},{"type":"ADVISORY","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254432"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=2254432"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pyca/cryptography","events":[{"introduced":"0"},{"fixed":"4e64baf360a3a89bd92582f59344c12b5c0bd3fd"}]}],"versions":["0.1","0.2","0.3","0.4","0.5","0.5.1","0.6","0.7","0.8","0.9","1.0","1.1","1.2","1.3","1.4","1.5","1.6","1.7","1.8","1.9","2.0","2.1","2.2","2.3","2.4","2.4.1","2.5","2.6","2.6.1","2.7","2.8","2.9","3.0","3.1","3.2","3.3","3.4","35.0.0","36.0.0","37.0.0","38.0.0","39.0.0","40.0.0","41.0.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-50782.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}