FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-cryptography -- tag forgery vulnerability

Affected packages
	py27-cryptography	<	2.3
	py34-cryptography	<	2.3
	py35-cryptography	<	2.3
	py36-cryptography	<	2.3
	py37-cryptography	<	2.3

Details

VuXML ID	9e2d0dcf-9926-11e8-a92d-0050562a4d7b
Discovery	2018-07-17
Entry	2018-08-06

The Python Cryptographic Authority (PyCA) project reports:

finalize_with_tag() allowed tag truncation by default which can allow tag forgery in some cases. The method now enforces the min_tag_length provided to the GCM constructor

[source]

References

CVE Name

CVE-2018-10903