CVE-2020-25657

Published: Jan 12, 2021Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.

Affected (5)

Products: M2crypto Project: M2crypto · Redhat: Enterprise Linux, Virtualization · Fedoraproject: Fedora

M2crypto Project

1 product

2 products

Enterprise Linux

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
M2crypto Project M2crypto	All versions

Configuration B

3 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 6.0
Redhat Enterprise Linux	Version 7.0
Redhat Virtualization	Version 4.0

Configuration C

1 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 33

Related CWEs

Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

References (2)

https://bugzilla.redhat.com/show_bug.cgi?id=1889823

Source: secalert@redhat.com

Issue TrackingThird Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1889823

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

Timeline

No history available yet.