CVE-2016-6298

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-6298

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6298.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2016-6298

Aliases

Downstream

DEBIAN-CVE-2016-6298

UBUNTU-CVE-2016-6298

Published

2016-09-01T23:59:01.160Z

Modified

2025-11-14T04:46:01.165027Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).

References

Affected packages

Git / github.com/latchset/jwcrypto

Affected ranges

Type: GIT
Repo: https://github.com/latchset/jwcrypto
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

b81d7ea6459b2ec42da519ba19f983e2f4416fbb

Fixed

eb5be5bd94c8cae1d7f3ba9801377084d8e5a7ba

Affected versions

v0.*

v0.1.0

v0.2.0

v0.2.1

v0.3.0

v0.3.1