CVE-2020-13757

Published: 01/06/2020 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Python-RSA prior to 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping a malicious user to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).

Vulnerable Product

python-rsa project python-rsa

fedoraproject fedora 31

fedoraproject fedora 32

canonical ubuntu linux 14.04

Vendor Advisories

Debian Bug report logs - #962142 python-rsa: CVE-2020-13757 Package: src:python-rsa; Maintainer for src:python-rsa is Debian Python Modules Team <python-modules-team@lists.alioth.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org> Date: Wed, 3 Jun 2020 19:30:02 UTC Severity: important Tags: security, ...
Synopsis: Important: OpenShift Container Platform 4.5.6 security update. Type/Severity: Security Advisory: Important. Topic: An update for jenkins-2-plugins and python-rsa is now available for Red Hat OpenShift Container Platform 4.5. Red Hat Product Security has rated this update as having a security impact of I ...
Synopsis: Important: OpenShift Container Platform 3.11 security update. Type/Severity: Security Advisory: Important. Topic: An update for jenkins, jenkins-2-plugins, openshift-ansible, and python-rsa is now available for Red Hat OpenShift Container Platform 3.11. Red Hat Product Security has rated this update as ...
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation) (CVE-2020-13757) ...
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). A flaw was found i ...
PAN-SA-2024-0001 Informational Bulletin: Impact of OSS CVEs in PAN-OS ...

Github Repositories

python-tda-bug-hunt-0 DEPENDENCY #oauth2client==13 VULNERABLE DEPENDENCY IN THE PACKAGE TREE #rsa==314 VULNERABILITIES WS-2013-0018 WS-2012-0012 CVE-2020-25658 CVE-2020-13757 CVE-2016-1494