pysec-2020-99
Vulnerability from pysec
Published
2020-06-01 19:15
Modified
2020-09-02 16:15
Details
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
Aliases
{
"affected": [
{
"package": {
"ecosystem": "PyPI",
"name": "rsa",
"purl": "pkg:pypi/rsa"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"1.1",
"1.2",
"1.3",
"1.3.1",
"1.3.2",
"1.3.3",
"2.0",
"3.0",
"3.0.1",
"3.1",
"3.1.1",
"3.1.2",
"3.1.3",
"3.1.4",
"3.2",
"3.2.1",
"3.2.2",
"3.2.3",
"3.3",
"3.4",
"3.4.1",
"3.4.2",
"4.0"
]
}
],
"aliases": [
"CVE-2020-13757",
"GHSA-537h-rv9q-vvph"
],
"details": "Python-RSA before 4.1 ignores leading \u0027\\0\u0027 bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).",
"id": "PYSEC-2020-99",
"modified": "2020-09-02T16:15:00Z",
"published": "2020-06-01T19:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://github.com/sybrenstuvel/python-rsa/issues/146"
},
{
"type": "REPORT",
"url": "https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KILTHBHNSDUCYV22ODLOKTICJJ7JQIQ/"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW/"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4478-1/"
},
{
"type": "ADVISORY",
"url": "https://github.com/advisories/GHSA-537h-rv9q-vvph"
}
]
}
Loading...