CVE-2020-25658

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

References

Affected packages

Debian:11 / python-rsa

Package

Name: python-rsa
Purl: pkg:deb/debian/python-rsa?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.0-4

4.7.2-1

4.8-1

4.9-1

4.9-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:12 / python-rsa

Package

Name: python-rsa
Purl: pkg:deb/debian/python-rsa?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.8-1

4.9-1

4.9-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Debian:13 / python-rsa

Package

Name: python-rsa
Purl: pkg:deb/debian/python-rsa?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.8-1

4.9-1

4.9-2

Ecosystem specific

{
    "urgency": "unimportant"
}

Git / github.com/sybrenstuvel/python-rsa

Affected ranges

Type: GIT
Repo: https://github.com/sybrenstuvel/python-rsa
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

fa3282a47457254385f2313c2eceaad4b06186a4

Affected versions

version-1.*

version-1.1

version-1.2

version-1.3

version-1.3.1

version-1.3.2

version-1.3.3

version-2.*

version-2.0

version-3.*

version-3.0

version-3.0.1

version-3.1

version-3.1.1

version-3.1.2

version-3.1.3

version-3.1.4

version-3.2

version-3.2.1

version-3.2.2

version-3.2.3

version-3.3

version-3.4

version-3.4.1

version-3.4.2

version-4.*

version-4.0

version-4.1

version-4.2

version-4.4

version-4.4.1

version-4.6