Skip to main content

NULL Pointer Dereference


Severity High
Score 7.5/10


Cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Starting in versions 38.0.0 through 42.0.3, and 43.0.0.dev1, if 'pkcs12.serialize_key_and_certificates' is called with both a certificate whose public key did not match the provided private key and an 'encryption_algorithm' with 'hmac_hash' set (via 'PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)', then a NULL pointer dereference would occur, crashing the Python process.

  • LOW
  • NONE
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-476 - NULL Pointer Dereference

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Advisory Timeline

  • Published