CVE-2020-25659

EPSS 0.25%
Published 11.01.2021 16:15:15
Last modified 21.11.2024 05:18:22
Source secalert@redhat.com
Teams watchlist Login
Open Login

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

Affected products Warnungen 0 Metrics 3 CWE 1 References 6

Data is provided by the National Vulnerability Database (NVD)

Cryptography.Io ≫ Cryptography Version3.2 SwPlatformpython

Oracle ≫ Communications Cloud Native Core Network Function Cloud Native Environment Version1.10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.25%	0.484

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-385 Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Patch

Third Party Advisory

https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-25659

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-25659

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-25659

EUVD