NULL Pointer Dereference
CVE-2024-26130
Summary
Cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. In versions 38.0.0 through 42.0.3, and in 43.0.0.dev1, if 'pkcs12.serialize_key_and_certificates' is called with both a certificate whose public key does not match the provided private key and an 'encryption_algorithm' with 'hmac_hash' set (via 'PrivateFormat.PKCS12.encryption_builder().hmac_hash(...)'), a NULL pointer dereference occurs, crashing the Python process.
- LOW
- NETWORK
- NONE
- UNCHANGED
- NONE
- NONE
- NONE
- HIGH
CWE-476 - NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.
Advisory Timeline
- Published