It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
CPE | Name | Operator | Version |
---|---|---|---|
fedora | eq | 33 | |
fedora | eq | 34 | |
fedora | eq | 35 | |
python-rsa | ge | 2.1 | |
python-rsa | lt | 4.7 | |
openstack_platform | eq | 16.0 | |
openstack_platform | eq | 13.0 |
bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658
github.com/sybrenstuvel/python-rsa/issues/165
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/