Fluid Attacks Database

Description

PyCA Cryptography vulnerable to GCM tag forgery A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
pypi	cryptography	>=1.9.0 <2.3	2.3
debian 13	python-cryptography	>=0 <2.3-1	2.3-1
debian 14	python-cryptography	>=0 <2.3-1	2.3-1
debian 11	python-cryptography	>=0 <2.3-1	2.3-1
debian 12	python-cryptography	>=0 <2.3-1	2.3-1

Aliases

1. CVE-2018-109032. NVD-2018-109033. OSV-2018-109034. OSV-DEBIAN-2018-109035. GHSA-fcf9-3qw3-gxmj6. GCVE-2018-109037. access.redhat.com8. SECURITY-TRACKER-CVE-2018-10903

References

1. https://github.com/pyca/cryptography/pull/43422. https://github.com/pyca/cryptography/commit/d4378e42937b56f473ddade2667f919ce32208cb3. https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-109034. https://github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2018-52.yaml5. https://usn.ubuntu.com/3720-1

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.