Skip to content

RSA decryption vulnerable to Bleichenbacher timing vulnerability

Moderate severity GitHub Reviewed Published Oct 26, 2020 in pyca/cryptography • Updated Sep 13, 2024

Package

pip cryptography (pip)

Affected versions

< 3.2

Patched versions

3.2

Description

RSA decryption was vulnerable to Bleichenbacher timing vulnerabilities, which would impact people using RSA decryption in online scenarios. This is fixed in cryptography 3.2.

References

@alex alex published to pyca/cryptography Oct 26, 2020
Reviewed Oct 27, 2020
Published to the GitHub Advisory Database Oct 27, 2020
Published by the National Vulnerability Database Jan 11, 2021
Last updated Sep 13, 2024

Severity

Moderate

EPSS score

0.134%
(50th percentile)

Weaknesses

CVE ID

CVE-2020-25659

GHSA ID

GHSA-hggm-jpg3-v476

Source code

Credits

Loading Checking history
See something to contribute? Suggest improvements for this vulnerability.