Python-RSA prior to 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping a malicious user to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
| Vulnerable Product |
|---|
| python-rsa project python-rsa |
| fedoraproject fedora 31 |
| fedoraproject fedora 32 |
| canonical ubuntu linux 14.04 |