CVE-2024-2511 – cryptography
Package
Manager: pip
Name: cryptography
Vulnerable Version: >=35.0.0 <42.0.6
Severity
Level: Low
CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
CVSS v4.0: CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
EPSS: N/A (percentile: N/A)
Details
Affected versions of this package are vulnerable to Uncontrolled Resource Consumption ('Resource Exhaustion') due to the session cache entering an incorrect state and failing to flush properly as it fills, leading to uncontrolled memory consumption.
Metadata
Created:
Modified:
Source: MANUAL
CWE IDs: ["CWE-400"]
Alternative ID: N/A
Finding: F067
Auto approve: 1