CVE-2016-1494

Published: 13/01/2016 Updated: 31/05/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 447

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

The verify function in the RSA package for Python (Python-RSA) prior to 3.3 allows malicious users to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.

Vulnerable Product	Search on Vulmon	Subscribe to Product
python rsa
fedoraproject fedora 22
fedoraproject fedora 23
opensuse leap 42.1
opensuse opensuse 13.1
opensuse opensuse 13.2

Debian Bug report logs - #809980 python-rsa: CVE-2016-1494: Signature forgery using Bleichenbacher'06 attack Package: src:python-rsa; Maintainer for src:python-rsa is Debian Python Modules Team <python-modules-team@listsaliothdebianorg>; Reported by: Daniel Stender <debian@danielstendercom> Date: Tue, 5 Jan 2016 ...

It was found that python-rsa is vulnerable to Bleichenbacher'06 attack, allowing attacker to fake signatures for any public key with low exponent (CVE-2016-1494) ...

python-tda-bug-hunt-0 DEPENDENCY #oauth2client==13 VULNERABLE DEPENDENCY IN THE PACKAGE TREE #rsa==314 VULNERABILITIES WS-2013-0018 WS-2012-0012 CVE-2020-25658 CVE-2020-13757 CVE-2016-1494

Digital-Signature-Forgery-by-Exploiting-python-RSA-Vulnerability - CVE-2016-1494 CVE-2016-1494 The verify function in the RSA package for Python (Python-RSA) before 33 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack Description This python script basically exploits the vulnerability CVE-2016-1494 found in

SCZ文档抄录原文来自 scz617cn 作者SCZ是我学习的榜样，对于各种技术问题的深入钻研，令我十分钦佩。分享的知识点，也在实际工作中对我有很大的帮助。将scz的技术文档抄录于此，以备不时之需。 Misc 2016-07-28 11:39 JEB 206 52pojie破解方案简评 2016-07-01 16:37 DSA相关的趣味数学题(1)

Digital-Signature-Forgery-by-Exploiting-python-RSA-Vulnerability - CVE-2016-1494 CVE-2016-1494 The verify function in the RSA package for Python (Python-RSA) before 33 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack Description This python script basically exploits the vulnerability CVE-2016-1494 found in

CWE-20 http://www.openwall.com/lists/oss-security/2016/01/05/3 http://www.openwall.com/lists/oss-security/2016/01/05/1 https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175897.html http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175942.html http://lists.opensuse.org/opensuse-updates/2016-01/msg00032.html http://www.securityfocus.com/bid/79829 https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=809980 https://alas.aws.amazon.com/ALAS-2016-644.html

CVE-2016-1494

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect