CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 1CVE-2020-25658 – python-rsa: bleichenbacher timing oracle attack against RSA decryption
https://notcve.org/view.php?id=CVE-2020-25658
12 Nov 2020 — It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. Se detectó que python-rsa es vulnerable a los ataques de sincronización de tipo Bleichenbacher. Un atacante puede utilizar este fallo por medio de la API de descifrado RSA para descifrar partes del texto cifrado con RSA A flaw was found in python-rsa, where it is vulnerable to Bleichenbacher timing attacks. This fla... • https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm CWE-385: Covert Timing Channel •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2020-13757 – python-rsa: decryption of ciphertext leads to DoS
https://notcve.org/view.php?id=CVE-2020-13757
01 Jun 2020 — Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). Python-RSA versión 4.1, ignora bytes '\0' principales durante la desencriptación del texto cifrado. Esto podría tener un impacto relevante para la seguridad, por ejemplo, al ayudar... • https://github.com/sybrenstuvel/python-rsa/issues/146 • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •