Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.9
CVSSv3

CVE-2020-25659

Published: 11/01/2021 Updated: 09/02/2023
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.9 | Impact Score: 3.6 | Exploitability Score: 2.2
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N
Subscribe to Python-cryptography Project

Vulnerability Summary

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

python-cryptography project python-cryptography 3.2

oracle communications cloud native core network function cloud native environment 1.10.0

Vendor Advisories

Debian CVElist Bug Report Logs: python-cryptography: CVE-2020-25659: Bleichenbacher timing oracle attack against RSA decryption
Debian Bug report logs - #973247 python-cryptography: CVE-2020-25659: Bleichenbacher timing oracle attack against RSA decryption Package: src:python-cryptography; Maintainer for src:python-cryptography is Tristan Seligmann <mithrandi@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 27 Oct ...
Debian CVElist Bug Report Logs: python-cryptography: CVE-2023-50782
Debian Bug report logs - #1059308 python-cryptography: CVE-2023-50782 Package: src:python-cryptography; Maintainer for src:python-cryptography is Tristan Seligmann <mithrandi@debianorg>; Reported by: Moritz Mühlenhoff <jmm@inutilorg> Date: Fri, 22 Dec 2023 13:39:02 UTC Severity: important Tags: security, upstream ...

Github Repositories

https://github.com/AdiRashkes/python-tda-bug-hunt-2

FEATURE: SmartFix for Python The feature provides the minimum fix version of a given vulnerable direct that solves the biggest amount of vulnerabilities on top of a Pull-Request DEPENDENCY lyrebird==0105 VULNERABLE TRANSITIVE DEPENDENCIES mitmproxy==403 cryptography==222 VULNERABILITIES mitmproxy==403 -> CVE-2018-14505 cryptography==222 -> CVE-2020-

References

NVD-CWE-Otherhttps://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472bhttps://www.oracle.com/security-alerts/cpuapr2022.htmlhttps://www.oracle.com/security-alerts/cpujul2022.htmlhttps://nvd.nist.govhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=973247
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
path traversalCVE-2024-26978CVE-2024-26982wirelessCVE-2023-6949CVE-2024-26980CVE-2024-32766CVE-2024-26939cache poisoning
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook