Question: What are the fix patches for CVE-2023-52323? #796
Comments
|
This advisories is associated with the following patch: |
|
https://groups.google.com/g/linux.debian.bugs.dist/c/ibzqvtwhi8M |
|
[ removed, my mistake ] |
|
Hi @Legrandin, I am facing a similar issue with WRLinux LTS23, which requires a patch on pycryptodome_3.17 to resolve CVE-2023-52323. Could you kindly provide the specific commit for this fix? Thank you for your assistance! |
|
Hi @Legrandin Thank you very much for your response. However, we are now facing some issues and need your help. We are using pycryptodome version 3.10.1 in the OpenEmbedded-Core Hardknott branch. Since this branch is no longer maintained, we cannot resolve the issue by upgrading and have to rely on patching instead. Unfortunately, the patch from commit 0deea1b cannot be applied due to differences in the following section. Could you please take a look and help us address CVE-2023-52323 based on pycryptodome-3.10.1? libCryptoCipherPKCS1_v1_5.py.rej.txt Thank you in advance for your assistance. |
I found 26 commits between versions 3.19.0 and 3.19.1. Which ones fix CVE-2023-52323?
My analysis should be the following commit:
afb5e27
519e7ae
0deea1b
In addition, does CVE-2023-52323 provide other information such as POC or issue? The information available is very limited.
https://nvd.nist.gov/vuln/detail/CVE-2023-52323
https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst#3191-28-december-2023
https://www.pycryptodome.org/src/changelog#december-2023
We look forward to your reply. Thanks.
The text was updated successfully, but these errors were encountered: