CVE-2020-25659 – cryptography

Package

Manager: pip
Name: cryptography
Vulnerable Version: >=0 <3.2

Severity

Level: High

CVSS v3.1: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00252 pctl0.48411

Details

RSA decryption vulnerable to Bleichenbacher timing vulnerability RSA decryption was vulnerable to Bleichenbacher timing vulnerabilities, which would impact people using RSA decryption in online scenarios. This is fixed in cryptography 3.2.

Metadata

Created: 2020-10-27T20:33:13Z
Modified: 2024-11-18T16:26:10Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2020/10/GHSA-hggm-jpg3-v476/GHSA-hggm-jpg3-v476.json
CWE IDs: ["CWE-385"]
Alternative ID: GHSA-hggm-jpg3-v476
Finding: F115
Auto approve: 1