Skip to content

RSA decryption vulnerable to Bleichenbacher timing vulnerability

Moderate
alex published GHSA-hggm-jpg3-v476 Oct 26, 2020

Package

cryptography (pypi)

Affected versions

<3.2

Patched versions

3.2

Description

Impact

RSA decryption was vulnerable to Bleichenbacher timing vulnerabilities, which would impact people using RSA decryption in online scenarios.

Patches

This is fixed in cryptography 3.2. 58494b4 is the resolving commit.

Severity

Moderate

CVE ID

CVE-2020-25659

Weaknesses

No CWEs

Credits