PYSEC-2020-99

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/rsa/PYSEC-2020-99.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2020-99
Aliases
Published
2020-06-01T19:15:00Z
Modified
2023-11-01T04:51:48.252045Z
Summary
[none]
Details

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).

References

Affected packages

PyPI / rsa

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.1

Affected versions

1.*

1.1
1.2
1.3
1.3.1
1.3.2
1.3.3

2.*

2.0

3.*

3.0
3.0.1
3.1
3.1.1
3.1.2
3.1.3
3.1.4
3.2
3.2.1
3.2.2
3.2.3
3.3
3.4
3.4.1
3.4.2

4.*

4.0