tlslite-ng is vulnerable to information disclosure. An RSA weakness that leaks information about the decrypted ciphertext such as the bit length of the decrypted message as well as where the first unexpected byte lays, allows an attacker to determine information about the plaintext.
CPE | Name | Operator | Version |
---|---|---|---|
tlslite-ng | le | 0.8.0-alpha38 | |
tlslite-ng | le | 0.7.5 |
github.com/advisories/GHSA-wvcv-832q-fjg7
github.com/tlsfuzzer/tlslite-ng/commit/c28d6d387bba59d8bd5cb3ba15edc42edf54b368
github.com/tlsfuzzer/tlslite-ng/pull/438
github.com/tlsfuzzer/tlslite-ng/pull/439
github.com/tlsfuzzer/tlslite-ng/security/advisories/GHSA-wvcv-832q-fjg7
pypi.org/project/tlslite-ng/
securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/