Red Hat Security Advisory: python3.12-cryptography security update
A NULL pointer dereference vulnerability exists in the python-cryptography library's pkcs12. serialize_key_and_certificates function when called with a non-matching certificate and private key along with an hmac_hash override (CVE-2024-26130). This issue affects python3. 12-cryptography packages in Red Hat Enterprise Linux 9 and related variants. Red Hat has issued an important security advisory with updated packages to address this flaw. No CVSS score is provided, but the vulnerability is rated as important by Red Hat Product Security. There are no known exploits in the wild at this time.
AI Analysis
Technical Summary
The vulnerability CVE-2024-26130 involves a NULL pointer dereference in the python-cryptography library's pkcs12.serialize_key_and_certificates function. This occurs when the function is called with a non-matching certificate and private key combined with an hmac_hash override. The flaw can cause a denial of service or crash due to the NULL pointer dereference. Red Hat has released updated python3.12-cryptography packages for Red Hat Enterprise Linux 9 and its extended update support versions to fix this issue. The advisory does not provide a CVSS score but classifies the impact as important.
Potential Impact
The vulnerability may lead to a denial of service condition by causing a NULL pointer dereference crash in applications using the affected python-cryptography function. There are no reports of active exploitation. The impact is limited to systems running the vulnerable python3.12-cryptography package on Red Hat Enterprise Linux 9 and related distributions.
Mitigation Recommendations
Red Hat has released updated python3.12-cryptography packages that fix this vulnerability. Users should apply the security update as described in the Red Hat advisory RHSA-2025:15608 and the referenced article https://access.redhat.com/articles/11258. Applying the official patch is the recommended remediation. No alternative mitigations or workarounds are indicated in the advisory.
Red Hat Security Advisory: python3.12-cryptography security update
Description
A NULL pointer dereference vulnerability exists in the python-cryptography library's pkcs12. serialize_key_and_certificates function when called with a non-matching certificate and private key along with an hmac_hash override (CVE-2024-26130). This issue affects python3. 12-cryptography packages in Red Hat Enterprise Linux 9 and related variants. Red Hat has issued an important security advisory with updated packages to address this flaw. No CVSS score is provided, but the vulnerability is rated as important by Red Hat Product Security. There are no known exploits in the wild at this time.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability CVE-2024-26130 involves a NULL pointer dereference in the python-cryptography library's pkcs12.serialize_key_and_certificates function. This occurs when the function is called with a non-matching certificate and private key combined with an hmac_hash override. The flaw can cause a denial of service or crash due to the NULL pointer dereference. Red Hat has released updated python3.12-cryptography packages for Red Hat Enterprise Linux 9 and its extended update support versions to fix this issue. The advisory does not provide a CVSS score but classifies the impact as important.
Potential Impact
The vulnerability may lead to a denial of service condition by causing a NULL pointer dereference crash in applications using the affected python-cryptography function. There are no reports of active exploitation. The impact is limited to systems running the vulnerable python3.12-cryptography package on Red Hat Enterprise Linux 9 and related distributions.
Mitigation Recommendations
Red Hat has released updated python3.12-cryptography packages that fix this vulnerability. Users should apply the security update as described in the Red Hat advisory RHSA-2025:15608 and the referenced article https://access.redhat.com/articles/11258. Applying the official patch is the recommended remediation. No alternative mitigations or workarounds are indicated in the advisory.
Technical Details
- Gcve Source
- db.gcve.eu
- Csaf Category
- csaf_security_advisory
- Csaf Version
- 2.0
- Publisher
- Red Hat Product Security
- Advisory Id
- RHSA-2025:15608
- Cve Count
- 1
- Additional Cves
- []
- Cvss Version
- null
Threat ID: 6a1f4e87e29bf47b50081663
Added to database: 6/2/2026, 9:43:35 PM
Last enriched: 6/2/2026, 10:11:05 PM
Last updated: 6/3/2026, 4:44:07 AM
Views: 2
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.