CVE-2020-25659

Name
CVE-2020-25659
Description
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
NVD Severity
medium
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:python-cryptography_project:python-cryptography:3.2:*:*:*:*:*:*:* python-cryptography == None == 3.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
py3-cryptography 3.13-main 3.3.2-r0 August Klein <amatcoder@gmail.com> fixed