Vulnerability Details CVE-2020-25658
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 49.9%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 4.3
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658
- https://github.com/sybrenstuvel/python-rsa/issues/165
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658
- https://github.com/sybrenstuvel/python-rsa/issues/165
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/
Products affected by CVE-2020-25658
-
cpe:2.3:a:python-rsa_project:python-rsa:2.1
-
cpe:2.3:a:python-rsa_project:python-rsa:3.0
-
cpe:2.3:a:python-rsa_project:python-rsa:3.0.1
-
cpe:2.3:a:python-rsa_project:python-rsa:3.1
-
cpe:2.3:a:python-rsa_project:python-rsa:3.1.1
-
cpe:2.3:a:python-rsa_project:python-rsa:3.1.2
-
cpe:2.3:a:python-rsa_project:python-rsa:3.1.3
-
cpe:2.3:a:python-rsa_project:python-rsa:3.1.4
-
cpe:2.3:a:python-rsa_project:python-rsa:3.2
-
cpe:2.3:a:python-rsa_project:python-rsa:3.2.1
-
cpe:2.3:a:python-rsa_project:python-rsa:3.2.2
-
cpe:2.3:a:python-rsa_project:python-rsa:3.2.3
-
cpe:2.3:a:python-rsa_project:python-rsa:3.3
-
cpe:2.3:a:python-rsa_project:python-rsa:3.4
-
cpe:2.3:a:python-rsa_project:python-rsa:3.4.1
-
cpe:2.3:a:python-rsa_project:python-rsa:3.4.2
-
cpe:2.3:a:python-rsa_project:python-rsa:4.0
-
cpe:2.3:a:python-rsa_project:python-rsa:4.1
-
cpe:2.3:a:python-rsa_project:python-rsa:4.2
-
cpe:2.3:a:python-rsa_project:python-rsa:4.3
-
cpe:2.3:a:python-rsa_project:python-rsa:4.4
-
cpe:2.3:a:python-rsa_project:python-rsa:4.4.1
-
cpe:2.3:a:python-rsa_project:python-rsa:4.5
-
cpe:2.3:a:python-rsa_project:python-rsa:4.6
-
cpe:2.3:a:redhat:openstack_platform:13.0
-
cpe:2.3:a:redhat:openstack_platform:16.0
-
cpe:2.3:o:fedoraproject:fedora:33
-
cpe:2.3:o:fedoraproject:fedora:34
-
cpe:2.3:o:fedoraproject:fedora:35