CVE-2020-36242

Description

In the cryptography package before 3.3.2 for Python, certain sequences of update calls to symmetrically encrypt multi-GB values could result in an integer overflow and buffer overflow, as demonstrated by the Fernet class.

Risk Information

Base Score: 9.1 (MODERATE)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
EPSS Score (Exploitation Probability): 1.272

Associated Vulnerability

Vulnerability | OS Platform
--- | ---
Vulnerabilities CVE-2020-36242 are fixed in Duo Security Authentication Proxy (6.0.0) | Windows
Vulnerabilities CVE-2020-36242 are fixed in Duo Security Authentication Proxy 5.8.2 | Windows
Vulnerabilities CVE-2020-36242 are fixed in Duo Security Authentication Proxy (5.8.1) | Windows
Vulnerabilities CVE-2022-24801, CVE-2020-36242 are fixed in Duo Security Authentication Proxy (5.8.0) | Windows
Vulnerabilities CVE-2021-37842, CVE-2021-42763, CVE-2021-33503, CVE-2020-36242 are fixed in Couchbase Server Enterprise Edition 7.0.2 | Windows
Multiple vulnerabilities are fixed in Couchbase Server Enterprise Edition 6.6.3 | Windows
Vulnerabilities CVE-2022-24801, CVE-2020-36242 are fixed in Duo Security Authentication Proxy (5.7.4) | Windows
Vulnerabilities CVE-2020-36242 are fixed in Python-cryptography 3.3.2 | Windows
Vulnerabilities CVE-2020-10735, CVE-2020-36242 are affected in MySQL Shell 8.0 (MSI) (x64) 8.0.31 | Windows
SUSE-SU-2021:0675-1 (SUSE Linux Enterprise Server 12-SP5) python-cryptography-2.1.4-7.34.1.x86_64.rpm | Linux
SUSE-SU-2021:0675-1 (SUSE Linux Enterprise Server 12-SP5) python-cryptography-debuginfo-2.1.4-7.34.1.x86_64.rpm | Linux
SUSE-SU-2021:0675-1 (SUSE Linux Enterprise Server 12-SP5) python-cryptography-debugsource-2.1.4-7.34.1.x86_64.rpm | Linux
SUSE-SU-2021:0675-1 (SUSE Linux Enterprise Server 12-SP5) python3-cryptography-2.1.4-7.34.1.x86_64.rpm | Linux
SUSE-SU-2021:0675-1 (SUSE Linux Enterprise Server 12-SP5) python3-cryptography-debuginfo-2.1.4-7.34.1.x86_64.rpm | Linux
(RHSA-2021:1608) python-cryptography security, bug fix, and enhancement update python-cryptography-debugsource-3.2.1-4.el8.x86_64.rpm | Linux
(RHSA-2021:1608) python-cryptography security, bug fix, and enhancement update python3-cryptography-3.2.1-4.el8.x86_64.rpm | Linux
SUSE-SU-2023:0794-1 (Basesystem Module 15-SP4) python3-PyJWT-2.4.0-150200.3.6.2.noarch.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-devel-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-default-devel-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Development Tools Module 15-SP4) kernel-obs-build-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Development Tools Module 15-SP4) kernel-obs-build-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Development Tools Module 15-SP4) kernel-syms-5.14.21-150400.24.49.4.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Legacy Module 15-SP4) reiserfs-kmp-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Legacy Module 15-SP4) reiserfs-kmp-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-devel-5.14.21-150400.24.49.4.noarch.rpm | Linux
SUSE-SU-2023:0796-1 (Development Tools Module 15-SP4) kernel-docs-5.14.21-150400.24.49.4.noarch.rpm | Linux
SUSE-SU-2023:0796-1 (Basesystem Module 15-SP4) kernel-macros-5.14.21-150400.24.49.4.noarch.rpm | Linux
SUSE-SU-2023:0796-1 (Development Tools Module 15-SP4) kernel-source-5.14.21-150400.24.49.4.noarch.rpm | Linux
SUSE-SU-2023:2783-1 (Server Applications Module 15-SP4) python-zope.interface-debuginfo-4.4.2-150000.3.4.1.x86_64.rpm | Linux
SUSE-SU-2023:2783-1 (Server Applications Module 15-SP4) python-zope.interface-debugsource-4.4.2-150000.3.4.1.x86_64.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP4) python3-aiocontextvars-0.2.2-150100.3.3.3.x86_64.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP4) python3-websockets-9.1-150100.3.3.3.x86_64.rpm | Linux
SUSE-SU-2023:2783-1 (Server Applications Module 15-SP4) python3-zope.interface-4.4.2-150000.3.4.1.x86_64.rpm | Linux
SUSE-SU-2023:2783-1 (Server Applications Module 15-SP4) python3-zope.interface-debuginfo-4.4.2-150000.3.4.1.x86_64.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP4) azure-cli-core-2.17.1-150100.6.18.1.noarch.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP4) python3-avro-1.11.0-150100.3.3.3.noarch.rpm | Linux
SUSE-SU-2023:2783-1 (Server Applications Module 15-SP4) python3-constantly-15.1.0-150000.3.4.1.noarch.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP4) python3-cryptography-vectors-3.3.2-150100.3.11.3.noarch.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP4) python3-Deprecated-1.2.13-150100.3.3.3.noarch.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP4) python3-humanfriendly-10.0-150100.6.3.3.noarch.rpm | Linux
SUSE-SU-2023:2783-1 (Server Applications Module 15-SP4) python3-hyperlink-17.2.1-150000.3.4.1.noarch.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP4) python3-jsondiff-1.3.0-150100.3.6.3.noarch.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP4) python3-knack-0.9.0-150100.3.7.3.noarch.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP4) python3-opencensus-0.8.0-150100.3.3.3.noarch.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP4) python3-opencensus-context-0.1.2-150100.3.3.3.noarch.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP4) python3-opencensus-ext-threading-0.1.2-150100.3.3.3.noarch.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP4) python3-opentelemetry-api-1.5.0-150100.3.3.3.noarch.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP4) python3-PyGithub-1.43.5-150100.3.3.3.noarch.rpm | Linux
SUSE-SU-2023:2783-1 (Basesystem Module 15-SP4) python3-websocket-client-1.3.2-150100.6.7.3.noarch.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP3) python3-aiocontextvars-0.2.2-150100.3.3.3.x86_64_15_SP3.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP3) python3-websockets-9.1-150100.3.3.3.x86_64_15_SP3.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP3) azure-cli-core-2.17.1-150100.6.18.1.noarch_15_SP3.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP3) python3-avro-1.11.0-150100.3.3.3.noarch_15_SP3.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP3) python3-Deprecated-1.2.13-150100.3.3.3.noarch_15_SP3.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP3) python3-humanfriendly-10.0-150100.6.3.3.noarch_15_SP3.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP3) python3-jsondiff-1.3.0-150100.3.6.3.noarch_15_SP3.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP3) python3-knack-0.9.0-150100.3.7.3.noarch_15_SP3.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP3) python3-opencensus-0.8.0-150100.3.3.3.noarch_15_SP3.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP3) python3-opencensus-context-0.1.2-150100.3.3.3.noarch_15_SP3.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP3) python3-opencensus-ext-threading-0.1.2-150100.3.3.3.noarch_15_SP3.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP3) python3-opentelemetry-api-1.5.0-150100.3.3.3.noarch_15_SP3.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP3) python3-PyGithub-1.43.5-150100.3.3.3.noarch_15_SP3.rpm | Linux
SUSE-SU-2023:2783-1 (Server Applications Module 15-SP5) python-zope.interface-debuginfo-4.4.2-150000.3.4.1.x86_64_15_SP5.rpm | Linux
SUSE-SU-2023:2783-1 (Server Applications Module 15-SP5) python-zope.interface-debugsource-4.4.2-150000.3.4.1.x86_64_15_SP5.rpm | Linux
SUSE-SU-2023:2783-1 (Server Applications Module 15-SP5) python3-zope.interface-4.4.2-150000.3.4.1.x86_64_15_SP5.rpm | Linux
SUSE-SU-2023:2783-1 (Server Applications Module 15-SP5) python3-zope.interface-debuginfo-4.4.2-150000.3.4.1.x86_64_15_SP5.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP5) azure-cli-core-2.17.1-150100.6.18.1.noarch_15_SP5.rpm | Linux
SUSE-SU-2023:2783-1 (Server Applications Module 15-SP5) python3-constantly-15.1.0-150000.3.4.1.noarch_15_SP5.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP5) python3-humanfriendly-10.0-150100.6.3.3.noarch_15_SP5.rpm | Linux
SUSE-SU-2023:2783-1 (Server Applications Module 15-SP5) python3-hyperlink-17.2.1-150000.3.4.1.noarch_15_SP5.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP5) python3-jsondiff-1.3.0-150100.3.6.3.noarch_15_SP5.rpm | Linux
SUSE-SU-2023:2783-1 (Public Cloud Module 15-SP5) python3-knack-0.9.0-150100.3.7.3.noarch_15_SP5.rpm | Linux
SUSE-SU-2023:2783-1 (Basesystem Module 15-SP5) python3-websocket-client-1.3.2-150100.6.7.3.noarch_15_SP5.rpm | Linux
python3 update (TU-CESAS-0015) python3-idm-pki-11.4.2-1.el9.noarch.rpm | Linux
python3 update (TU-CESAS-0015) python3-libxml2-2.9.13-4.el9.x86_64.rpm | Linux
python3 update (TU-CESAS-0015) python3-cryptography-3.2.1-6.el8.x86_64.rpm | Linux
Vulnerabilities CVE-2020-36242 are fixed in Python-cryptography for linux 3.3.2 | Linux
Out-of-bounds Write Vulnerability (CVE-2020-36242) | NCM

Patch Details

Patches provided by ManageEngine for this CVE:

Patch ID | Patch Description
--- | ---
PATCH-331885 | Duo Security Authentication Proxy (6.0.2)
PATCH-338054 | Duo Security Authentication Proxy (6.4.0)
PATCH-338227 | Duo Security Authentication Proxy (6.4.1)
PATCH-342393 | Duo Security Authentication Proxy (6.4.2)
PATCH-347413 | Duo Security Authentication Proxy (6.5.0)
