CVE-2020-25657

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1889823 Issue Tracking Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1889823 Issue Tracking Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:m2crypto_project:m2crypto:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:virtualization:4.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*

Configuration 3 (hide)

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

History

21 Nov 2024, 05:18

Type Values Removed Values Added
References () https://bugzilla.redhat.com/show_bug.cgi?id=1889823 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=1889823 - Issue Tracking, Third Party Advisory

Information

Published : 2021-01-12 15:15

Updated : 2024-11-21 05:18


NVD link : CVE-2020-25657

Mitre link : CVE-2020-25657

CVE.ORG link : CVE-2020-25657


JSON object : View

Products Affected

m2crypto_project

  • m2crypto

redhat

  • enterprise_linux
  • virtualization

fedoraproject

  • fedora
CWE
CWE-385

Covert Timing Channel

NVD-CWE-Other