High severity · NVD Advisory · Published Nov 12, 2020 · Updated Aug 4, 2024
CVE-2020-25658
Description
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| rsa (PyPI) | >= 2.1, < 4.7 | 4.7 |
Affected products
- ghsa-coords (12 versions), >= 2.1, < 4.7 (+ 11 more):
  - pkg:pypi/rsa
  - pkg:rpm/opensuse/python-rsa&distro=openSUSE%20Leap%2015.3
  - pkg:rpm/opensuse/python-rsa&distro=openSUSE%20Leap%2015.4
  - pkg:rpm/opensuse/python-rsa&distro=openSUSE%20Leap%20Micro%205.2
  - pkg:rpm/opensuse/python-rsa&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/python-rsa&distro=SUSE%20Linux%20Enterprise%20Micro%205.2
  - pkg:rpm/suse/python-rsa&distro=SUSE%20Linux%20Enterprise%20Micro%205.3
  - pkg:rpm/suse/python-rsa&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3
  - pkg:rpm/suse/python-rsa&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4
  - pkg:rpm/suse/python-rsa&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3
  - pkg:rpm/suse/python-rsa&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP4
  - pkg:rpm/suse/python-rsa&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Public%20Cloud%2012
- (no CPE) range: >= 2.1, < 4.7
- (no CPE) range: < 3.4.2-150000.3.7.1
- (no CPE) range: < 3.4.2-150000.3.7.1
- (no CPE) range: < 3.4.2-150000.3.7.1
- (no CPE) range: < 4.7.2-1.5
- (no CPE) range: < 3.4.2-150000.3.7.1
- (no CPE) range: < 3.4.2-150000.3.7.1
- (no CPE) range: < 3.4.2-150000.3.7.1
- (no CPE) range: < 3.4.2-150000.3.7.1
- (no CPE) range: < 3.4.2-150000.3.7.1
- (no CPE) range: < 3.4.2-150000.3.7.1
- (no CPE) range: < 3.1.4-12.19.2
- Range: after 3.0 (inclusive)
References
- github.com/advisories/GHSA-xrx6-fmxq-rjj2 (ghsa, ADVISORY)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/ (mitre, vendor-advisory, x_refsource_FEDORA)
- nvd.nist.gov/vuln/detail/CVE-2020-25658 (ghsa, ADVISORY)
- access.redhat.com/errata/RHSA-2020:5634 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2021:0637 (ghsa, WEB)
- access.redhat.com/errata/RHSA-2022:1716 (ghsa, WEB)
- access.redhat.com/security/cve/CVE-2020-25658 (ghsa, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, WEB)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_CONFIRM, WEB)
- github.com/pypa/advisory-database/tree/main/vulns/rsa/PYSEC-2020-100.yaml (ghsa, WEB)
- github.com/sybrenstuvel/python-rsa/commit/dae8ce0d85478e16f2368b2341632775313d41ed (ghsa, WEB)
- github.com/sybrenstuvel/python-rsa/issues/165 (ghsa, x_refsource_MISC, WEB)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7 (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP (ghsa, WEB)
- lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7 (ghsa, WEB)