CVE-2020-25657

EPSS 0.41%
Veröffentlicht 12.01.2021 15:15:13
Zuletzt bearbeitet 21.11.2024 05:18:22
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

M2crypto Project ≫ M2crypto

Redhat ≫ Virtualization Version4.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Fedoraproject ≫ Fedora Version33

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.41%	0.581

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-385 Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

https://bugzilla.redhat.com/show_bug.cgi?id=1889823

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-25657

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-25657

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-25657

EUVD