CVE-2020-25659: RSA decryption vulnerable to Bleichenbacher timing vulnerability
(updated )
RSA decryption was vulnerable to Bleichenbacher timing vulnerabilities, which would impact people using RSA decryption in online scenarios. This is fixed in cryptography 3.2.
References
- github.com/advisories/GHSA-hggm-jpg3-v476
- github.com/pyca/cryptography
- github.com/pyca/cryptography/commit/58494b41d6ecb0f56b7c5f05d5f5e3ca0320d494
- github.com/pyca/cryptography/pull/5507
- github.com/pyca/cryptography/security/advisories/GHSA-hggm-jpg3-v476
- github.com/pypa/advisory-database/tree/main/vulns/cryptography/PYSEC-2021-62.yaml
- nvd.nist.gov/vuln/detail/CVE-2020-25659
- pypi.org/project/cryptography
- www.oracle.com/security-alerts/cpuapr2022.html
- www.oracle.com/security-alerts/cpujul2022.html
Detect and mitigate CVE-2020-25659 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →