Medium severity5.3NVD Advisory· Published Jan 13, 2016· Updated Jun 17, 2026
CVE-2016-1494
CVE-2016-1494
Description
The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
rsaPyPI | < 3.3 | 3.3 |
Affected products
8cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
- ghsa-coords2 versionspkg:pypi/rsapkg:rpm/suse/python-rsa&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012
< 3.3+ 1 more
- (no CPE)range: < 3.3
- (no CPE)range: < 3.1.4-11.1
Patches
Vulnerability mechanics
References
13- blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/nvdExploitThird Party Advisory
- lists.fedoraproject.org/pipermail/package-announce/2016-January/175897.htmlnvdThird Party AdvisoryWEB
- lists.fedoraproject.org/pipermail/package-announce/2016-January/175942.htmlnvdThird Party AdvisoryWEB
- lists.opensuse.org/opensuse-updates/2016-01/msg00032.htmlnvdMailing ListThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2016/01/05/1nvdMailing ListThird Party AdvisoryWEB
- www.openwall.com/lists/oss-security/2016/01/05/3nvdMailing ListThird Party AdvisoryWEB
- www.securityfocus.com/bid/79829nvdThird Party AdvisoryVDB Entry
- github.com/advisories/GHSA-8rjr-6qq5-pj9pghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2016-1494ghsaADVISORY
- blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsaghsaWEB
- github.com/pypa/advisory-database/tree/main/vulns/rsa/PYSEC-2016-10.yamlghsaWEB
- github.com/sybrenstuvel/python-rsa/commit/ab5d21c3b554f926d51ff3ad9c794bcf32e95b3cghsaWEB
- web.archive.org/web/20210123020914/http://www.securityfocus.com/bid/79829ghsaWEB
News mentions
0No linked articles in our index yet.