CVE-2020-25659

Published: Jan 11, 2021Modified: Nov 21, 2024

5.9

Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 2.2 / Impact: 3.6

Source: NVD

Description

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

Affected (2)

Products: Cryptography.io: Cryptography · Oracle: Communications Cloud Native Core Network Function Cloud Native Environment

Cryptography.io

1 product

Cryptography

Oracle

1 product

Communications Cloud Native Core Network Function Cloud Native Environment

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Cryptography.io Cryptography	Version 3.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Oracle Communications Cloud Native Core Network Function Cloud Native Environment	Version 1.10.0

Related CWEs

CWE-385

Covert Timing Channel

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

References (6)

https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b

Source: secalert@redhat.com

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: secalert@redhat.com

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Source: secalert@redhat.com

PatchThird Party Advisory

https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpuapr2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.oracle.com/security-alerts/cpujul2022.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.