3 results (0.003 seconds)

CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 0

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data. Se encontró una falla en el paquete python-cryptography. Este problema puede permitir que un atacante remoto descifre mensajes capturados en servidores TLS que utilizan intercambios de claves RSA, lo que puede provocar la exposición de datos confidenciales o sensibles. • https://access.redhat.com/security/cve/CVE-2023-50782 https://bugzilla.redhat.com/show_bug.cgi?id=2254432 • CWE-203: Observable Discrepancy CWE-208: Observable Timing Discrepancy •

CVSS: 5.9EPSS: 0%CPEs: 2EXPL: 0

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext. python-cryptography versión 3.2, es vulnerable a ataques de sincronización de Bleichenbacher en la API de descifrado RSA, por medio del procesamiento cronometrado de texto cifrado PKCS#1 v1.5 válido A flaw was found in python-cryptography, where it is vulnerable to Bleichenbacher timing attacks. This flaw allows an attacker, via the RSA decryption API, to decrypt parts of the ciphertext encrypted with RSA. The highest threat from this vulnerability is to confidentiality. • https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b https://www.oracle.com/security-alerts/cpuapr2022.html https://www.oracle.com/security-alerts/cpujul2022.html https://access.redhat.com/security/cve/CVE-2020-25659 https://bugzilla.redhat.com/show_bug.cgi?id=1889988 • CWE-385: Covert Timing Channel •

CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0

A flaw was found in python-cryptography versions between >=1.9.0 and <2.3. The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries can cause key leakage. Se ha encontrado un error en python-cryptography, desde la versión 1.9.0 hasta la 2.3. • https://access.redhat.com/errata/RHSA-2018:3600 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10903 https://github.com/pyca/cryptography/pull/4342/commits/688e0f673bfbf43fa898994326c6877f00ab19ef https://usn.ubuntu.com/3720-1 https://access.redhat.com/security/cve/CVE-2018-10903 https://bugzilla.redhat.com/show_bug.cgi?id=1602931 • CWE-20: Improper Input Validation •