Lucene search
Veracode Vulnerability DatabaseVERACODE:28801HistoryDec 23, 2020 - 5:19 a.m.
Timing Attack
2020-12-2305:19:52
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
5
0.003 Low
EPSS
Percentile
69.6%
tlslite-ng is vulnerable to information disclosure. An RSA weakness that leaks information about the decrypted ciphertext such as the bit length of the decrypted message as well as where the first unexpected byte lays, allows an attacker to determine information about the plaintext.
| CPE | Name | Operator | Version |
|---|---|---|---|
| tlslite-ng | le | 0.8.0-alpha38 | |
| tlslite-ng | le | 0.7.5 |
References
github.com/advisories/GHSA-wvcv-832q-fjg7
github.com/tlsfuzzer/tlslite-ng/commit/c28d6d387bba59d8bd5cb3ba15edc42edf54b368
github.com/tlsfuzzer/tlslite-ng/pull/438
github.com/tlsfuzzer/tlslite-ng/pull/439
github.com/tlsfuzzer/tlslite-ng/security/advisories/GHSA-wvcv-832q-fjg7
pypi.org/project/tlslite-ng/
securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/
Related
nvd
nvd
CVE-2020-26263
2020-12-21 17:15:12
debiancve
debiancve
CVE-2020-26263
2020-12-21 17:15:12
cvelist
cvelist
CVE-2020-26263 RSA vulnerability in tslite-ng
2020-12-21 16:55:18
osv
osv
RSA weakness in tslite-ng
2020-12-21 16:56:37
PYSEC-2020-143
2020-12-21 17:15:00
CVE-2020-26263
2020-12-21 17:15:12
cve
cve
CVE-2020-26263
2020-12-21 17:15:12
prion
prion
Design/Logic Flaw
2020-12-21 17:15:00
ubuntucve
ubuntucve
CVE-2020-26263
2020-12-21 00:00:00
github
github
RSA weakness in tslite-ng
2020-12-21 16:56:37