Описание
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
A flaw was found in PyCryptodome/pycryptodomex which may allow for side-channel leakage when performing OAEP decryption, which could be exploited to carry out a Manger attack.
Отчет
Red Hat Satellite ship affected version of pycryptodome for pulp_container, however, product is not vulnerable as it doesn't utilize OAEP algorithm technique. Red Hat Product Security has classified its impact as Low for Red Hat Satellite; future updates expected to address this issue. Red Hat OpenStack 16.1 and 16.2 versions include affected python-scciclient embedded through the python-crypto package, however, python-scciclient employs only one algorithm, which is AES. While the version of python-crypto we ship may be susceptible to a particular CVE, since affected algorithms are not utilized by OpenStack, the attack cannot be executed to exploit an OpenStack deployment
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Ansible Automation Platform 2 | python3x-jose | Not affected | ||
| Red Hat Ansible Automation Platform 2 | python-jose | Not affected | ||
| Red Hat Enterprise Linux 7 | fence-agents | Out of support scope | ||
| Red Hat Enterprise Linux 7 | resource-agents | Out of support scope | ||
| Red Hat OpenShift Container Platform 4 | pysnmp | Not affected | ||
| Red Hat OpenStack Platform 16.1 | python-crypto | Not affected | ||
| Red Hat OpenStack Platform 16.2 | python-crypto | Not affected | ||
| Red Hat OpenStack Platform 17.1 | pysnmp | Not affected | ||
| Red Hat OpenStack Platform 18.0 | pysnmp | Not affected | ||
| Red Hat Storage 3 | pysnmp | Affected |
Показывать по
Дополнительная информация
Статус:
5.9 Medium
CVSS3
Связанные уязвимости
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakag ...
5.9 Medium
CVSS3