CVE-2020-25658

Опубликовано: 12 нояб. 2020

Источник: debian

Описание

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
python-rsa	unfixed			package

Примечания

https://github.com/sybrenstuvel/python-rsa/issues/165
Presumed fix upstream in 4.7 does not address the issue:
https://github.com/sybrenstuvel/python-rsa/issues/165#issuecomment-727580521
The library doesn't intend to guard against this: https://github.com/sybrenstuvel/python-rsa/issues/165#issuecomment-1603113867

Связанные уязвимости

CVE-2020-25658

CVSS3: 7.5

ubuntu

около 5 лет назад

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

CVE-2020-25658

CVSS3: 5.9

redhat

около 5 лет назад

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

CVE-2020-25658

CVSS3: 7.5

nvd

около 5 лет назад

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

SUSE-SU-2023:0648-1

suse-cvrf

почти 3 года назад

Security update for python-rsa

SUSE-SU-2022:3932-1

suse-cvrf

около 3 лет назад

Security update for python-rsa