Ubuntu.comUB:CVE-2023-52323CVE-2023-52323
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.3%
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for
OAEP decryption, exploitable for a Manger attack.
Notes
| Author | Note |
|---|---|
| mdeslaur | Ubuntu 20.04 LTS and older contain a substantially older codebase which would require major intrusive changes to remediate all side-channel attacks. Due to the high risk of regressions, we will not be fixing this issue in focal and older. If this issue is critical in your environment, we recommend migrating to a more recent version of Ubuntu. |
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| ubuntu | 22.04 | noarch | pycryptodome | < 3.11.0+dfsg1-3ubuntu0.1 | UNKNOWN |
| ubuntu | 23.10 | noarch | pycryptodome | < any | UNKNOWN |
References
github.com/Legrandin/pycryptodome/blob/master/Changelog.rst
launchpad.net/bugs/cve/CVE-2023-52323
nvd.nist.gov/vuln/detail/CVE-2023-52323
pypi.org/project/pycryptodomex/#history
security-tracker.debian.org/tracker/CVE-2023-52323
ubuntu.com/security/notices/USN-6595-1
www.cve.org/CVERecord?id=CVE-2023-52323
Related
5.9 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
5.5 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
37.3%