CVE-2020-25657

EPSS 0.41%
Published 12.01.2021 15:15:13
Last modified 21.11.2024 05:18:22
Source secalert@redhat.com
Teams watchlist Login
Open Login

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

M2crypto Project ≫ M2crypto

Redhat ≫ Virtualization Version4.0

Redhat ≫ Enterprise Linux Version6.0

Redhat ≫ Enterprise Linux Version7.0

Fedoraproject ≫ Fedora Version33

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.41%	0.581

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-385 Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

https://bugzilla.redhat.com/show_bug.cgi?id=1889823

Third Party Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2020-25657

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-25657

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-25657

EUVD