CVE-2020-25658: Timing attacks in python-rsa
python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the ciphertext encrypted with RSA.
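The sketch below is an added illustration, not python-rsa's code. It shows why PKCS#1 v1.5 unpadding with early exits gives a Bleichenbacher-style timing signal, and what a uniform check looks like. The function names, the `trace` parameter and the sample blocks are constructed for this example.

```python
import hmac

ERR = "Decryption failed"  # one message for every failure mode

def unpad_early_exit(em: bytes, trace: list) -> bytes:
    """Type-2 unpadding that stops at the first failed check (leaky form)."""
    trace.append("header")
    if em[:2] != b"\x00\x02":
        raise ValueError(ERR)
    trace.append("separator")
    sep = em.find(b"\x00", 2)
    if sep < 0:
        raise ValueError(ERR)
    trace.append("padding-length")
    if sep < 10:  # fewer than 8 padding bytes
        raise ValueError(ERR)
    return em[sep + 1:]

def unpad_uniform(em: bytes, trace: list) -> bytes:
    """Same checks, all evaluated every time, one combined failure at the end.
    Python gives no constant-time guarantee; this only removes the early exits."""
    trace.append("header")
    bad_header = not hmac.compare_digest(em[:2], b"\x00\x02")
    trace.append("separator")
    sep = em.find(b"\x00", 2)
    trace.append("padding-length")
    bad_sep = sep < 10  # also true when no separator was found (sep == -1)
    if bad_header | bad_sep:
        raise ValueError(ERR)
    return em[sep + 1:]

def steps(unpad, em: bytes) -> int:
    """Number of checks reached: a stand-in for the time a caller could observe."""
    trace = []
    try:
        unpad(em, trace)
    except ValueError:
        pass
    return len(trace)

# Constructed decrypted blocks (not real key material or ciphertext).
VALID = b"\x00\x02" + b"\xaa" * 8 + b"\x00" + b"msg"
BAD_HEADER = b"\x00\x01" + b"\xaa" * 8 + b"\x00" + b"msg"
NO_SEP = b"\x00\x02" + b"\xaa" * 12
SHORT_PAD = b"\x00\x02" + b"\xaa" * 3 + b"\x00" + b"msg"

if __name__ == "__main__":
    for name, em in [("bad header", BAD_HEADER), ("no separator", NO_SEP),
                     ("short padding", SHORT_PAD), ("valid", VALID)]:
        print(name, steps(unpad_early_exit, em), steps(unpad_uniform, em))
```

The early-exit version reaches a different number of checks per failure mode, which is the distinction a timing oracle relies on; the uniform version does the same work for every input.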
References
- access.redhat.com/errata/RHSA-2020:5634
- access.redhat.com/errata/RHSA-2021:0637
- access.redhat.com/errata/RHSA-2022:1716
- access.redhat.com/security/cve/CVE-2020-25658
- bugzilla.redhat.com/show_bug.cgi?id=1889972
- bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658
- github.com/advisories/GHSA-xrx6-fmxq-rjj2
- github.com/pypa/advisory-database/tree/main/vulns/rsa/PYSEC-2020-100.yaml
- github.com/sybrenstuvel/python-rsa
- github.com/sybrenstuvel/python-rsa/commit/dae8ce0d85478e16f2368b2341632775313d41ed
- github.com/sybrenstuvel/python-rsa/issues/165
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7
- nvd.nist.gov/vuln/detail/CVE-2020-25658