CVE-2020-25659

Опубликовано: 11 янв. 2021

Источник: debian

EPSS Низкий

Описание

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
python-cryptography	fixed	3.2.1-1		package
python-cryptography	no-dsa		buster	package
python-cryptography	no-dsa		stretch	package

Примечания

https://github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476
https://bugzilla.redhat.com/show_bug.cgi?id=1889988
https://github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494 (3.2)

EPSS

Процентиль: 49%

0.00252

Низкий

Связанные уязвимости

CVE-2020-25659

CVSS3: 5.9

ubuntu

больше 4 лет назад

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

CVE-2020-25659

CVSS3: 5.9

redhat

больше 4 лет назад

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

CVE-2020-25659

CVSS3: 5.9

nvd

больше 4 лет назад

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

CVE-2020-25659

CVSS3: 5.9

msrc

больше 4 лет назад

Описание отсутствует

openSUSE-SU-2020:2173-1

suse-cvrf

больше 4 лет назад

Security update for python-cryptography

EPSS

Процентиль: 49%

0.00252

Низкий