Lucene search

K
ubuntucveUbuntu.comUB:CVE-2020-25659
HistoryOct 28, 2020 - 12:00 a.m.

CVE-2020-25659

2020-10-2800:00:00
ubuntu.com
ubuntu.com
18
cryptography rsa decryption bleichenbacher timing attacks unix cve-2020-25659 bugs debian redhat pkcs#1 ciphertext.

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

44.7%

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in
the RSA decryption API, via timed processing of valid PKCS#1 v1.5
ciphertext.

Bugs

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchpython-cryptography< 2.1.4-1ubuntu1.4UNKNOWN
ubuntu20.04noarchpython-cryptography< 2.8-3ubuntu0.1UNKNOWN
ubuntu20.10noarchpython-cryptography< 3.0-1ubuntu0.1UNKNOWN
ubuntu16.04noarchpython-cryptography< 1.2.3-1ubuntu0.3UNKNOWN

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS3

5.9

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

44.7%