PYSEC-2020-100

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/rsa/PYSEC-2020-100.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2020-100
Aliases
Published
2020-11-12T14:15:00Z
Modified
2023-11-01T04:52:39.556404Z
Summary
[none]
Details

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

References

Affected packages

PyPI / rsa

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1
Fixed
4.7

Affected versions

3.*

3.0
3.0.1
3.1
3.1.1
3.1.2
3.1.3
3.1.4
3.2
3.2.1
3.2.2
3.2.3
3.3
3.4
3.4.1
3.4.2

4.*

4.0
4.1
4.1.1
4.2
4.3
4.4
4.4.1
4.5
4.6