CVE-2020-25659

CWE-385 CWE-20312 documents9 sources

Severity

5.9MEDIUM

EPSS

0.3%

top 51.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Cryptography.io Cryptography Oracle Communications Cloud Native Core Network Function Cloud Native Environment

Timeline

PublishedJan 11

Latest updateFeb 13

Description

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages5 packages

▶Debianpython-cryptography< 3.2.1-1+3

▶CVEListV5python-cryptographypython-cryptography 3.2

▶PyPIcryptography< 3.2

▶NVDcryptography.io/cryptography3.2

▶NVDoracle/communications_cloud_native_core_network_function_cloud_native_environment1.10.0

Patches

Patch: github.com ↗Patch: www.oracle.com ↗Patch: www.oracle.com ↗

🔴Vulnerability Details

OSV

CVE-2020-25659: python-cryptography 3↗2021-01-11

▶

CVEList

CVE-2020-25659: python-cryptography 3↗2021-01-11

▶

GHSA

RSA decryption vulnerable to Bleichenbacher timing vulnerability↗2020-10-27

▶

OSV

RSA decryption vulnerable to Bleichenbacher timing vulnerability↗2020-10-27

▶

📋Vendor Advisories

Microsoft

Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659↗2024-02-13

▶

Red Hat

python-cryptography: Bleichenbacher timing oracle attack against RSA decryption - incomplete fix for CVE-2020-25659↗2023-12-13

▶

Microsoft

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API via timed processing of valid PKCS#1 v1.5 ciphertext.↗2021-01-12

▶

Ubuntu

python-cryptography vulnerability↗2020-11-03

▶

Red Hat

python-cryptography: Bleichenbacher timing oracle attack against RSA decryption↗2020-10-25

▶

💬Community

Bugzilla

CVE-2020-25659 python-cryptography: Bleichenbacher timing oracle attack against RSA decryption↗2020-10-21

▶