Описание
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
A flaw was found in python-cryptography, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality.
Отчет
In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-cryptography package.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| CloudForms Management Engine 5 | python-cryptography | Not affected | ||
| Red Hat Ansible Automation Platform 1.2 | python-cryptography | Will not fix | ||
| Red Hat Ansible Engine 2 | python-cryptography | Out of support scope | ||
| Red Hat Ansible Tower 3 | cryptography | Out of support scope | ||
| Red Hat Enterprise Linux 7 | python-cryptography | Will not fix | ||
| Red Hat Enterprise Linux 9 | python-cryptography | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | python-cryptography | Will not fix | ||
| Red Hat Enterprise Linux 8 | python-cryptography | Fixed | RHSA-2021:1608 | 18.05.2021 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-python38-babel | Fixed | RHSA-2021:3254 | 24.08.2021 |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | rh-python38-python | Fixed | RHSA-2021:3254 | 24.08.2021 |
Показывать по
Дополнительная информация
Статус:
5.9 Medium
CVSS3
Связанные уязвимости
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks ...
5.9 Medium
CVSS3