CVE-2020-25658

CWE-385 CWE-327 — Broken Cryptographic Algorithm8 documents7 sources

Severity

5.9MEDIUM

EPSS

0.3%

top 51.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Python-rsa Project Python-rsa Sybren A. Stüvel Python-rsa Fedoraproject Fedora +1 more

Timeline

PublishedNov 12

Latest updateApr 30

Description

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

▶NVDpython-rsa_project/python-rsa2.1 — 4.7

▶CVEListV5sybren_a._stüvel/python-rsaafter 3.0 (inclusive)

▶PyPIrsa2.1 — 4.7

▶NVDredhat/openstack_platform13.0, 16.0+1

Also affects: Fedora 33, 34, 35

🔴Vulnerability Details

GHSA

Timing attacks in python-rsa↗2021-04-30

▶

OSV

Timing attacks in python-rsa↗2021-04-30

▶

CVEList

CVE-2020-25658: It was found that python-rsa is vulnerable to Bleichenbacher timing attacks↗2020-11-12

▶

OSV

CVE-2020-25658: It was found that python-rsa is vulnerable to Bleichenbacher timing attacks↗2020-11-12

▶

📋Vendor Advisories

Red Hat

python-rsa: bleichenbacher timing oracle attack against RSA decryption↗2020-11-09

▶

Debian

CVE-2020-25658: python-rsa - It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An ...↗2020

▶

💬Community

Bugzilla

CVE-2020-25658 python-rsa: bleichenbacher timing oracle attack against RSA decryption↗2020-10-21

▶