7.5
CVE-2020-25658
- EPSS 0.23%
- Published 12.11.2020 14:15:22
- Last modified 21.11.2024 05:18:22
- Source secalert@redhat.com
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.
Data is provided by the National Vulnerability Database (NVD)
Python-rsa Project ≫ Python-rsa Version >= 2.1 < 4.7
Redhat ≫ Openstack Platform Version 13.0
Redhat ≫ Openstack Platform Version 16.0
Fedoraproject ≫ Fedora Version 33
Fedoraproject ≫ Fedora Version 34
Fedoraproject ≫ Fedora Version 35
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.23% | 0.46 |
Source | Base Score | Exploit Score | Impact Score | Vector string |
---|---|---|---|---|
nvd@nist.gov | 5.9 | 2.2 | 3.6 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
nvd@nist.gov | 4.3 | 8.6 | 2.9 | AV:N/AC:M/Au:N/C:P/I:N/A:N |
secalert@redhat.com | 7.5 | 3.9 | 3.6 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
CWE-327 Use of a Broken or Risky Cryptographic Algorithm
The product uses a broken or risky cryptographic algorithm or protocol.
CWE-385 Covert Timing Channel
Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.