CVE-2020-25658

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
Configurations

Configuration 1 (hide)

cpe:2.3:a:python-rsa_project:python-rsa:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*
cpe:2.3:a:redhat:openstack_platform:16.0:*:*:*:*:*:*:*

Configuration 3 (hide)

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

History

21 Nov 2024, 05:18

Type Values Removed Values Added
References () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658 - Issue Tracking, Third Party Advisory () https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658 - Issue Tracking, Third Party Advisory
References () https://github.com/sybrenstuvel/python-rsa/issues/165 - Exploit, Issue Tracking, Third Party Advisory () https://github.com/sybrenstuvel/python-rsa/issues/165 - Exploit, Issue Tracking, Third Party Advisory
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/ -
CVSS v2 : 4.3
v3 : 5.9
v2 : 4.3
v3 : 7.5

Information

Published : 2020-11-12 14:15

Updated : 2024-11-21 05:18


NVD link : CVE-2020-25658

Mitre link : CVE-2020-25658

CVE.ORG link : CVE-2020-25658


JSON object : View

Products Affected

redhat

  • openstack_platform

fedoraproject

  • fedora

python-rsa_project

  • python-rsa
CWE
CWE-385

Covert Timing Channel

CWE-327

Use of a Broken or Risky Cryptographic Algorithm