Fix CVE-2023-49083 in cryptography HIGH

Fix CVE-2023-49083 (NULL pointer dereference in PKCS12) in cryptography for PyPI. Paste your requirements.txt into PackageFix and get a patched version back — no CLI, no signup.

⚠ Vulnerability

CVE-2023-49083 — NULL pointer dereference in PKCS12 in cryptography. Update to 42.0.8 or later.

Vulnerable Version — requirements.txt

cryptography==36.0.0

Fixed Version — requirements.txt

cryptography==42.0.8

✓ Fix

Update to 42.0.8 and run pip install -r requirements.txt to apply the fix.

Scan your dependencies now — paste your manifest, get a fixed version back in seconds.

Open PackageFix →

No signup · No CLI · No GitHub connection · Runs 100% in your browser

Frequently Asked Questions

What is CVE-2023-49083?

CVE-2023-49083 is a vulnerability in cryptography that allows NULL pointer dereference in PKCS12. Update to version 42.0.8 or later to fix it.

Is CVE-2023-49083 on the CISA KEV catalog?

Check the live CISA KEV catalog at packagefix.dev — the catalog updates daily and PackageFix always reflects the current status.

How do I fix CVE-2023-49083 in cryptography?

Update cryptography to version 42.0.8 or later in your requirements.txt. Run pip install -r requirements.txt after updating.

Does CVE-2023-49083 affect all versions of cryptography?

Check the OSV advisory for the exact affected version range. PackageFix shows the minimum safe version for your installed version.