CVE-2020-25658

moderate-risk

Published 2020-11-12

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

Do I need to act?

-

0.26% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

7

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (6)

Python-Rsa

Openstack Platform

Openstack Platform

Fedora

Fedora

Fedora

Affected Vendors

Redhat Fedoraproject Python-Rsa Project

References (10)

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658

Exploit https://github.com/sybrenstuvel/python-rsa/issues/165

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658

Exploit https://github.com/sybrenstuvel/python-rsa/issues/165

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

40

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 13/34 · Low