A vulnerability was found in python-cryptography. In affected versions, Cipher.update_into
would accept Python objects which implement the buffer protocol but provide only immutable buffers. This issue allows immutable objects (such as bytes
) to be mutated, thus violating the fundamental rules of Python, resulting in corrupted output.