Vulnerabilites related to Sybren A. Stüvel - python-rsa
cve-2020-25658
Vulnerability from cvelistv5
Published
2020-11-12 13:48
Modified
2024-08-04 15:40
Severity ?
EPSS score ?
Summary
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658 | x_refsource_CONFIRM | |
| https://github.com/sybrenstuvel/python-rsa/issues/165 | x_refsource_MISC | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/ | vendor-advisory, x_refsource_FEDORA | |
| https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/ | vendor-advisory, x_refsource_FEDORA |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| Sybren A. Stüvel | python-rsa |
Version: after 3.0 (inclusive) |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T15:40:36.903Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://github.com/sybrenstuvel/python-rsa/issues/165", }, { name: "FEDORA-2021-783a157adc", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/", }, { name: "FEDORA-2021-c1fef03e71", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/", }, { name: "FEDORA-2021-15e50503d6", tags: [ "vendor-advisory", "x_refsource_FEDORA", "x_transferred", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "python-rsa", vendor: "Sybren A. Stüvel", versions: [ { status: "affected", version: "after 3.0 (inclusive)", }, ], }, ], descriptions: [ { lang: "en", value: "It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.", }, ], metrics: [ { cvssV3_1: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.1", }, }, ], problemTypes: [ { descriptions: [ { cweId: "CWE-385", description: "CWE-385", lang: "en", type: "CWE", }, ], }, ], providerMetadata: { dateUpdated: "2021-09-25T00:07:41", orgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", shortName: "redhat", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658", }, { tags: [ "x_refsource_MISC", ], url: "https://github.com/sybrenstuvel/python-rsa/issues/165", }, { name: "FEDORA-2021-783a157adc", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/", }, { name: "FEDORA-2021-c1fef03e71", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/", }, { name: "FEDORA-2021-15e50503d6", tags: [ "vendor-advisory", "x_refsource_FEDORA", ], url: "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/", }, ], }, }, cveMetadata: { assignerOrgId: "53f830b8-0a3f-465b-8143-3b8a9948e749", assignerShortName: "redhat", cveId: "CVE-2020-25658", datePublished: "2020-11-12T13:48:31", dateReserved: "2020-09-16T00:00:00", dateUpdated: "2024-08-04T15:40:36.903Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }