x/vulndb: potential Go vuln in github.com/pyca/cryptography: CVE-2023-38325

[GoVulnBot]

CVE-2023-38325 references github.com/pyca/cryptography, which may be a Go module.

Description:
The cryptography package before 41.0.2 for Python mishandles SSH certificates that have critical options.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2023-38325
• JSON: /~https://github.com/CVEProject/cvelist/tree/6d9f16c230f4331b4c2a0ac30590786fc0fe3f4b/2023/38xxx/CVE-2023-38325.json
• report: SSH certificate encoding/parsing incompatibility with OpenSSH pyca/cryptography#9207
• fix: Fix encoding of SSH certs with critical options pyca/cryptography#9208
• web: https://pypi.org/project/cryptography/#history
• web: pyca/cryptography@41.0.1...41.0.2
• Imported by: https://pkg.go.dev/github.com/pyca/cryptography?tab=importedby

Cross references:

• Module github.com/pyca/cryptography appears in issue x/vulndb: potential Go vuln in github.com/pyca/cryptography: CVE-2020-25659 #430 NOT_GO_CODE
• Module github.com/pyca/cryptography appears in issue x/vulndb: potential Go vuln in github.com/pyca/cryptography: CVE-2020-36242 #431 NOT_GO_CODE
• Module github.com/pyca/cryptography appears in issue x/vulndb: potential Go vuln in github.com/pyca/cryptography: CVE-2023-23931 #1536 NOT_GO_CODE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/pyca/cryptography
      vulnerable_at: 0.0.0-20230714123722-04c4ea58b46a
      packages:
        - package: n/a
description: |-
    The cryptography package before 41.0.2 for Python mishandles SSH certificates
    that have critical options.
cves:
    - CVE-2023-38325
references:
    - report: /~https://github.com/pyca/cryptography/issues/9207
    - fix: /~https://github.com/pyca/cryptography/pull/9208
    - web: https://pypi.org/project/cryptography/#history
    - web: /~https://github.com/pyca/cryptography/compare/41.0.1...41.0.2

[gopherbot]

Change https://go.dev/cl/513195 mentions this issue: data/excluded: batch add 26 excluded reports