Vulnerability Details CVE-2020-25657
A flaw was found in all released versions of m2crypto: the RSA decryption API is vulnerable to Bleichenbacher timing attacks via the timed processing of valid PKCS#1 v1.5 ciphertext. The highest threat from this vulnerability is to confidentiality.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.2%
CVSS Severity
CVSS v3 Score 5.9
CVSS v2 Score 4.3
Products affected by CVE-2020-25657
- cpe:2.3:a:m2crypto_project:m2crypto:-
- cpe:2.3:a:m2crypto_project:m2crypto:0.0.9
- cpe:2.3:a:m2crypto_project:m2crypto:0.15
- cpe:2.3:a:m2crypto_project:m2crypto:0.16
- cpe:2.3:a:m2crypto_project:m2crypto:0.17
- cpe:2.3:a:m2crypto_project:m2crypto:0.18
- cpe:2.3:a:m2crypto_project:m2crypto:0.18.1
- cpe:2.3:a:m2crypto_project:m2crypto:0.18.2
- cpe:2.3:a:m2crypto_project:m2crypto:0.19
- cpe:2.3:a:m2crypto_project:m2crypto:0.19.1
- cpe:2.3:a:m2crypto_project:m2crypto:0.20
- cpe:2.3:a:m2crypto_project:m2crypto:0.20.1
- cpe:2.3:a:m2crypto_project:m2crypto:0.20.2
- cpe:2.3:a:m2crypto_project:m2crypto:0.21
- cpe:2.3:a:m2crypto_project:m2crypto:0.21.1
- cpe:2.3:a:m2crypto_project:m2crypto:0.22.3
- cpe:2.3:a:m2crypto_project:m2crypto:0.22.4
- cpe:2.3:a:m2crypto_project:m2crypto:0.22.5
- cpe:2.3:a:m2crypto_project:m2crypto:0.23.0
- cpe:2.3:a:m2crypto_project:m2crypto:0.24.0
- cpe:2.3:a:m2crypto_project:m2crypto:0.25.0
- cpe:2.3:a:m2crypto_project:m2crypto:0.25.1
- cpe:2.3:a:m2crypto_project:m2crypto:0.26.0
- cpe:2.3:a:m2crypto_project:m2crypto:0.26.2
- cpe:2.3:a:m2crypto_project:m2crypto:0.26.3
- cpe:2.3:a:m2crypto_project:m2crypto:0.26.4
- cpe:2.3:a:m2crypto_project:m2crypto:0.27.0
- cpe:2.3:a:m2crypto_project:m2crypto:0.28.0
- cpe:2.3:a:m2crypto_project:m2crypto:0.28.1
- cpe:2.3:a:m2crypto_project:m2crypto:0.28.2
- cpe:2.3:a:m2crypto_project:m2crypto:0.29.0
- cpe:2.3:a:m2crypto_project:m2crypto:0.30.0
- cpe:2.3:a:m2crypto_project:m2crypto:0.30.1
- cpe:2.3:a:m2crypto_project:m2crypto:0.31.0
- cpe:2.3:a:m2crypto_project:m2crypto:0.32.0
- cpe:2.3:a:m2crypto_project:m2crypto:0.33.0
- cpe:2.3:a:m2crypto_project:m2crypto:0.34.0
- cpe:2.3:a:m2crypto_project:m2crypto:0.35.1
- cpe:2.3:a:m2crypto_project:m2crypto:0.35.2
- cpe:2.3:a:m2crypto_project:m2crypto:0.36.0
- cpe:2.3:a:m2crypto_project:m2crypto:0.37.0
- cpe:2.3:a:m2crypto_project:m2crypto:0.37.1
- cpe:2.3:a:redhat:virtualization:4.0
- cpe:2.3:o:fedoraproject:fedora:33
- cpe:2.3:o:redhat:enterprise_linux:6.0
- cpe:2.3:o:redhat:enterprise_linux:7.0