{"id":"CVE-2023-52323","details":"PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.","aliases":["GHSA-j225-cvw7-qrx7","PYSEC-2024-3"],"modified":"2026-04-10T05:06:30.512667Z","published":"2024-01-05T04:15:07.763Z","related":["ALSA-2024:2132","ALSA-2024:2952","ALSA-2024:2968","CGA-8r46-4grh-qgm4","SUSE-RU-2024:1829-1","SUSE-RU-2024:1829-2","SUSE-SU-2024:0557-1","SUSE-SU-2024:0585-1","SUSE-SU-2024:0601-1","openSUSE-SU-2024:13567-1","openSUSE-SU-2024:13568-1"],"references":[{"type":"ADVISORY","url":"https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst"},{"type":"ADVISORY","url":"https://pypi.org/project/pycryptodomex/#history"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/legrandin/pycryptodome","events":[{"introduced":"0"},{"fixed":"ed0c1ec63eb22dbe33b637bed381370a50e892bb"},{"introduced":"0"},{"fixed":"ed0c1ec63eb22dbe33b637bed381370a50e892bb"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.19.1"},{"introduced":"0"},{"fixed":"3.19.1"}]}}],"versions":["v3.0","v3.0rc1","v3.0rc2","v3.0rc3","v3.1","v3.10.0","v3.10.1","v3.10.4","v3.11.0","v3.12.0","v3.13.0","v3.14.0","v3.14.1","v3.15.0","v3.16.0","v3.17.0","v3.18.0","v3.19.0","v3.19.1","v3.2","v3.2.1","v3.3","v3.3.1","v3.4","v3.4.1","v3.4.10","v3.4.11","v3.4.12","v3.4.2","v3.4.3","v3.4.4","v3.4.5","v3.4.6","v3.4.8","v3.4.9","v3.5.1","v3.6.0","v3.6.1","v3.6.2","v3.6.3","v3.6.4","v3.6.5","v3.6.6","v3.7.0","v3.7.1","v3.7.2","v3.7.3","v3.8.0","v3.8.1","v3.8.2","v3.9.0","v3.9.1","v3.9.2","v3.9.3","v3.9.4","v3.9.5","v3.9.6","v3.9.7","v3.9.8","v3.9.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-52323.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}