PYSEC-2020-100 — Vulnetix

PYSEC-2020-100 PUBLISHED

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

Affected Products

Vendor	Product	Versions
PyPI	rsa	2.1, 3.0, 3.1

Timeline

Nov 12, 2020 CVE Published
Nov 8, 2023 CVE Updated

References

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658 report
https://github.com/advisories/GHSA-xrx6-fmxq-rjj2 advisory
https://github.com/sybrenstuvel/python-rsa/issues/165 discussion

Open in Interactive Console →