GHSA-8rjr-6qq5-pj9p

Опубликовано: 14 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 5.3

Описание

Python RSA allows attackers to spoof signatures

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

Ссылки

Пакеты

Наименование

rsa

pip

Затронутые версииВерсия исправления

< 3.3

3.3

EPSS

Процентиль: 89%

0.05091

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2016-1494

Дефекты

CWE-20

CWE-347

Связанные уязвимости

CVE-2016-1494

CVSS3: 5.3

ubuntu

почти 10 лет назад

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

CVE-2016-1494

CVSS3: 5.3

nvd

почти 10 лет назад

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

CVE-2016-1494

msrc

4 месяца назад

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

CVE-2016-1494

CVSS3: 5.3

debian

почти 10 лет назад

The verify function in the RSA package for Python (Python-RSA) before ...

openSUSE-SU-2016:0108-1

suse-cvrf

почти 10 лет назад

Security update for python-rsa

EPSS

Процентиль: 89%

0.05091

Низкий

5.3 Medium

CVSS3

CVE ID

CVE-2016-1494

Дефекты

CWE-20

CWE-347