Lucene search

Arch LinuxASA-201601-24

HistoryJan 25, 2016 - 12:00 a.m.

python2-rsa: signature forgery

2016-01-2500:00:00

Arch Linux

lists.archlinux.org

EPSS

0.004

Percentile

74.7%

JSON

The verify function in the RSA package for Python (Python-RSA) before
3.3 allows attackers to spoof signatures with a small public exponent
via crafted signature padding, aka a BERserk attack.

OSVersionArchitecturePackageVersionFilename
anyanyanypython2-rsa< 3.3-1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
any	any	any	python2-rsa	< 3.3-1	UNKNOWN

References

bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff

blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/

web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-1494

EPSS

0.004

Percentile

74.7%

JSON

Related for ASA-201601-24