CVE-2018-10903

A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage.

Published: Jul 30, 2018
Updated: May 9, 2024
CVE: CVE-2018-10903
GHSA: GHSA-fcf9-3qw3-gxmj
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
cryptography / python-cryptography	1.9.0	2.3
canonical / ubuntu_linux	18.04	18.04.x
redhat / openstack	13	13.x
cryptography	1.9.0	2.3

https://access.redhat.com/errata/RHSA-2018:3600
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903
https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef
https://usn.ubuntu.com/3720-1/

Vulnerability Database

289,599

CVE-2018-10903