CVE-2020-25659

Name
CVE-2020-25659
Description
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
NVD Severity
medium

References

Type URI
Patch https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b
MISC https://www.oracle.com/security-alerts/cpuapr2022.html

Match rules

CPE URI                                                                      Source package       Min version  Max version
cpe:2.3:a:python-cryptography_project:python-cryptography:3.2:*:*:*:*:*:*:*  python-cryptography  == None      == 3.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
py3-cryptography edge-main 3.3.2-r0 None fixed
py3-cryptography edge-main 3.2.1-r0 None fixed
py3-cryptography edge-community 3.2.1-r0 None fixed
py3-cryptography 3.22-community 3.2.1-r0 None fixed
py3-cryptography 3.21-community 3.2.1-r0 None fixed
py3-cryptography 3.20-community 3.2.1-r0 None fixed
py3-cryptography 3.19-community 3.2.1-r0 None fixed
py3-cryptography 3.18-community 3.2.1-r0 None fixed
py3-cryptography 3.17-community 3.2.1-r0 None fixed