Description
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None
Affected Packages3 packages
Also affects: Fedora 31, 32, Ubuntu Linux 14.04
🔴Vulnerability Details
4GHSAPython-RSA decryption of ciphertext leads to DoS↗2021-03-24 OSVPython-RSA decryption of ciphertext leads to DoS↗2021-03-24 CVEListCVE-2020-13757: Python-RSA before 4↗2020-06-01 OSVCVE-2020-13757: Python-RSA before 4↗2020-06-01 📋Vendor Advisories
4UbuntuPython-RSA vulnerability↗2022-02-21 UbuntuPython-RSA vulnerability↗2020-08-31 Red Hatpython-rsa: decryption of ciphertext leads to DoS↗2020-05-27 DebianCVE-2020-13757: python-rsa - Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext...↗2020 💬Community
4BugzillaCVE-2020-13757 python-rsa: decryption of ciphertext leads to DoS [openstack-rdo]↗2020-06-25 BugzillaCVE-2020-13757 python-rsa: decryption of ciphertext leads to DoS [epel-all]↗2020-06-18 BugzillaCVE-2020-13757 python-rsa: decryption of ciphertext leads to DoS↗2020-06-18 BugzillaCVE-2020-13757 python-rsa: decryption of ciphertext leads to DoS [fedora-all]↗2020-06-18