{"id":"PYSEC-2024-225","details":"cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in version 38.0.0 and prior to version 42.0.4, if `pkcs12.serialize_key_and_certificates` is called with both a certificate whose public key did not match the provided private key and an `encryption_algorithm` with `hmac_hash` set (via `PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)`, then a NULL pointer dereference would occur, crashing the Python process. This has been resolved in version 42.0.4, the first version in which a `ValueError` is properly raised.","aliases":["CVE-2024-26130","GHSA-6vqw-3v5j-54x4"],"modified":"2026-03-11T07:46:40.716324Z","published":"2024-02-21T17:15:09Z","related":["GHSA-6vqw-3v5j-54x4"],"references":[{"type":"ADVISORY","url":"https://github.com/pyca/cryptography/security/advisories/GHSA-6vqw-3v5j-54x4"},{"type":"FIX","url":"https://github.com/pyca/cryptography/commit/97d231672763cdb5959a3b191e692a362f1b9e55"},{"type":"FIX","url":"https://github.com/pyca/cryptography/pull/10423"},{"type":"REPORT","url":"https://github.com/pyca/cryptography/pull/10423"}],"affected":[{"package":{"name":"cryptography","ecosystem":"PyPI","purl":"pkg:pypi/cryptography"},"ranges":[{"type":"GIT","repo":"https://github.com/pyca/cryptography","events":[{"introduced":"0"},{"fixed":"97d231672763cdb5959a3b191e692a362f1b9e55"},{"fixed":"97d231672763cdb5959a3b191e692a362f1b9e55"}]},{"type":"ECOSYSTEM","events":[{"introduced":"38.0.0"},{"fixed":"42.0.4"}]}],"versions":["38.0.0","38.0.1","38.0.2","38.0.3","38.0.4","39.0.0","39.0.1","39.0.2","40.0.0","40.0.1","40.0.2","41.0.0","41.0.1","41.0.2","41.0.3","41.0.4","41.0.5","41.0.6","41.0.7","42.0.0","42.0.1","42.0.2","42.0.3"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/cryptography/PYSEC-2024-225.yaml"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}