CVE-2020-25659

EPSS 0.25%
Veröffentlicht 11.01.2021 16:15:15
Zuletzt bearbeitet 21.11.2024 05:18:22
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Cryptography.Io ≫ Cryptography Version3.2 SwPlatformpython

Oracle ≫ Communications Cloud Native Core Network Function Cloud Native Environment Version1.10.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.484

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	5.9	2.2	3.6	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N

CWE-385 Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

https://www.oracle.com/security-alerts/cpuapr2022.html

Patch

Third Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Patch

Third Party Advisory

https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2020-25659

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-25659

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-25659

EUVD