High severity · NVD Advisory · Published Nov 12, 2020 · Updated Aug 4, 2024
CVE-2020-25658
Description
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the ciphertext encrypted with RSA.
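The timing oracle comes from PKCS#1 v1.5 unpadding that fails at different points depending on which check trips. The following added example (not python-rsa's code) puts the early-exit pattern beside a version that scans the whole block and raises only once at the end. It assumes `cleartext` is the padded block produced by the private-key operation, exactly `blocksize` bytes long; `pad_for_test` and `check_agreement` are constructed helpers for exercising both unpadders on the same inputs.

```python
from hmac import compare_digest


class DecryptionError(Exception):
    """Raised for every malformed block; the message is deliberately identical."""


def unpad_early_exit(cleartext: bytes, blocksize: int) -> bytes:
    """PKCS#1 v1.5 unpadding with early returns (the pre-fix pattern).

    Each check raises at a different point, so how long a failure takes
    depends on which check failed. That difference is the timing oracle.
    """
    if len(cleartext) != blocksize:
        raise DecryptionError('Decryption failed')
    if cleartext[0:2] != b'\x00\x02':
        raise DecryptionError('Decryption failed')
    try:
        sep_idx = cleartext.index(b'\x00', 2)
    except ValueError:
        raise DecryptionError('Decryption failed')
    return cleartext[sep_idx + 1:]


def _find_separator(block: bytes) -> int:
    """Index of the first 0x00 at or after offset 2, scanning every byte.

    No break and no early return: the loop always runs over the whole block
    and selects the first matching index without branching. Returns -1 if
    no separator exists.
    """
    sep_idx = -1
    found = 0
    for i in range(2, len(block)):
        is_zero = int(block[i] == 0)
        take = is_zero & (1 - found)          # 1 only for the first zero byte
        sep_idx ^= (sep_idx ^ i) & -take      # select i when take == 1
        found |= is_zero
    return sep_idx


def unpad_constant_time(cleartext: bytes, blocksize: int) -> bytes:
    """PKCS#1 v1.5 unpadding that defers every verdict to one final raise.

    Same structure as the python-rsa fix (flags merged with bitwise OR, marker
    compared with hmac.compare_digest) but bytes.index, whose cost depends on
    where the separator sits, is replaced by a full scan of the block.
    """
    length_bad = len(cleartext) != blocksize
    marker_bad = not compare_digest(cleartext[:2], b'\x00\x02')
    sep_idx = _find_separator(cleartext)
    sep_bad = sep_idx < 0
    # Bitwise OR evaluates every operand; `or` would stop at the first True.
    anything_bad = length_bad | marker_bad | sep_bad
    if anything_bad:
        raise DecryptionError('Decryption failed')
    return cleartext[sep_idx + 1:]


def pad_for_test(message: bytes, blocksize: int, ps_byte: int = 0xAA) -> bytes:
    """Constructed helper: build 00 02 <PS> 00 <M> with a fixed non-zero PS.

    Real encryption fills PS with random non-zero bytes; a constant is enough
    for checking the unpadders.
    """
    ps_len = blocksize - len(message) - 3
    if ps_len < 8:
        raise ValueError('message too long for block size')
    return b'\x00\x02' + bytes([ps_byte]) * ps_len + b'\x00' + message


def check_agreement(blocksize: int = 32) -> bool:
    """Both unpadders accept the same blocks and return the same plaintexts."""
    cases = [
        pad_for_test(b'hello', blocksize),            # valid block
        b'\x00\x01' + b'\xAA' * (blocksize - 2),      # wrong marker
        b'\x00\x02' + b'\xAA' * (blocksize - 2),      # no separator
        pad_for_test(b'hello', blocksize)[:-1],       # wrong length
    ]
    for block in cases:
        results = []
        for unpad in (unpad_early_exit, unpad_constant_time):
            try:
                results.append(unpad(block, blocksize))
            except DecryptionError:
                results.append(None)
        if results[0] != results[1]:
            return False
    return True
```

CPython is not a constant-time environment (interpreter overhead, exception paths, object allocation all vary), so this pattern narrows the side channel rather than closing it; the durable fix is to prefer RSA-OAEP for new designs and to keep the PKCS#1 v1.5 path on a library that implements it in constant time.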
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| rsa (PyPI) | >= 2.1, < 4.7 | 4.7 |
Affected products
- Range: after 3.0 (inclusive)
Patches
- dae8ce0d8547: Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle
  2 files changed · +13 −4
CHANGELOG.md+5 −0 modified@@ -1,5 +1,10 @@ # Python-RSA changelog +## Version 4.7 - in development + +- Fix #165: CVE-2020-25658 - Bleichenbacher-style timing oracle in PKCS#1 v1.5 + decryption code + ## Version 4.4 & 4.6 - released 2020-06-12
rsa/pkcs1.py+8 −4 modified@@ -30,6 +30,7 @@ import os import sys import typing +from hmac import compare_digest from . import common, transform, core, key @@ -251,17 +252,20 @@ def decrypt(crypto: bytes, priv_key: key.PrivateKey) -> bytes: # Detect leading zeroes in the crypto. These are not reflected in the # encrypted value (as leading zeroes do not influence the value of an # integer). This fixes CVE-2020-13757. - if len(crypto) > blocksize: - raise DecryptionError('Decryption failed') + crypto_len_bad = len(crypto) > blocksize # If we can't find the cleartext marker, decryption failed. - if cleartext[0:2] != b'\x00\x02': - raise DecryptionError('Decryption failed') + cleartext_marker_bad = not compare_digest(cleartext[:2], b'\x00\x02') # Find the 00 separator between the padding and the message try: sep_idx = cleartext.index(b'\x00', 2) except ValueError: + sep_idx = -1 + sep_idx_bad = sep_idx < 0 + + anything_bad = crypto_len_bad | cleartext_marker_bad | sep_idx_bad + if anything_bad: raise DecryptionError('Decryption failed') return cleartext[sep_idx + 1:]
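Review bot: In the `decrypt` hunk of rsa/pkcs1.py, `cleartext.index(b'\x00', 2)` inside the try/except still runs for a data-dependent number of bytes and takes the exception path only when no separator exists, so the patched function remains timing-variant even though the three verdicts are now merged with `|` and raised once. Consider replacing the `index` call with a scan over the whole block that records the first zero without breaking, and say in the docstring or CHANGELOG entry that the change reduces rather than eliminates the side channel. The patch also touches only CHANGELOG.md and rsa/pkcs1.py; a regression test that feeds blocks with a bad marker, a missing separator and an over-long `crypto` through `decrypt` and checks that all three raise `DecryptionError` would guard the new flag logic.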
References
- github.com/advisories/GHSA-xrx6-fmxq-rjj2 (advisory)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/ (vendor advisory, Fedora)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/ (vendor advisory, Fedora)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/ (vendor advisory, Fedora)
- nvd.nist.gov/vuln/detail/CVE-2020-25658 (advisory)
- access.redhat.com/errata/RHSA-2020:5634 (web)
- access.redhat.com/errata/RHSA-2021:0637 (web)
- access.redhat.com/errata/RHSA-2022:1716 (web)
- access.redhat.com/security/cve/CVE-2020-25658 (web)
- bugzilla.redhat.com/show_bug.cgi (web)
- github.com/pypa/advisory-database/tree/main/vulns/rsa/PYSEC-2020-100.yaml (web)
- github.com/sybrenstuvel/python-rsa/commit/dae8ce0d85478e16f2368b2341632775313d41ed (fix commit)
- github.com/sybrenstuvel/python-rsa/issues/165 (upstream issue)