GHSA-xrx6-fmxq-rjj2

Suggest an improvement
Source
https://github.com/advisories/GHSA-xrx6-fmxq-rjj2
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/04/GHSA-xrx6-fmxq-rjj2/GHSA-xrx6-fmxq-rjj2.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xrx6-fmxq-rjj2
Aliases
Published
2021-04-30T17:35:15Z
Modified
2024-10-26T22:48:13.468228Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
  • 8.2 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Timing attacks in python-rsa
Details

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA

References

Affected packages

PyPI / rsa

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1
Fixed
4.7

Affected versions

3.*

3.0
3.0.1
3.1
3.1.1
3.1.2
3.1.3
3.1.4
3.2
3.2.1
3.2.2
3.2.3
3.3
3.4
3.4.1
3.4.2

4.*

4.0
4.1
4.1.1
4.2
4.3
4.4
4.4.1
4.5
4.6