{"id":"GHSA-j225-cvw7-qrx7","summary":"PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption","details":"PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.","aliases":["CVE-2023-52323","PYSEC-2024-3"],"modified":"2026-02-04T03:54:06.305180Z","published":"2024-01-05T06:30:19Z","related":["CGA-8r46-4grh-qgm4"],"database_specific":{"github_reviewed_at":"2024-01-05T17:25:46Z","cwe_ids":["CWE-203"],"severity":"HIGH","nvd_published_at":"2024-01-05T04:15:07Z","github_reviewed":true},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-52323"},{"type":"WEB","url":"https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd"},{"type":"PACKAGE","url":"https://github.com/Legrandin/pycryptodome"},{"type":"WEB","url":"https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst"},{"type":"WEB","url":"https://github.com/pypa/advisory-database/tree/main/vulns/pycryptodomex/PYSEC-2024-3.yaml"},{"type":"WEB","url":"https://pypi.org/project/pycryptodomex/#history"}],"affected":[{"package":{"name":"pycryptodomex","ecosystem":"PyPI","purl":"pkg:pypi/pycryptodomex"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.19.1"}]}],"versions":["3.10.1","3.10.3","3.10.4","3.11.0","3.12.0","3.13.0","3.14.0","3.14.1","3.15.0","3.16.0","3.17","3.18.0","3.19.0","3.4.1","3.4.11","3.4.12","3.4.2","3.4.3","3.4.5","3.4.6","3.4.7","3.4.8","3.4.9","3.5.1","3.6.0","3.6.1","3.6.3","3.6.4","3.6.5","3.6.6","3.7.0","3.7.1","3.7.2","3.7.3","3.8.0","3.8.1","3.8.2","3.9.0","3.9.1","3.9.2","3.9.3","3.9.4","3.9.6","3.9.7","3.9.8","3.9.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-j225-cvw7-qrx7/GHSA-j225-cvw7-qrx7.json"}},{"package":{"name":"pycryptodome","ecosystem":"PyPI","purl":"pkg:pypi/pycryptodome"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.19.1"}]}],"versions":["3.0","3.0rc1","3.1","3.10.1","3.10.3","3.10.4","3.11.0","3.12.0","3.13.0","3.14.0","3.14.1","3.15.0","3.16.0","3.17","3.18.0","3.19.0","3.2","3.2.1","3.3","3.3.1","3.4","3.4.11","3.4.3","3.4.4","3.4.5","3.4.6","3.4.7","3.4.8","3.4.9","3.5.0","3.5.1","3.6.0","3.6.1","3.6.3","3.6.4","3.6.5","3.6.6","3.7.0","3.7.1","3.7.2","3.7.3","3.8.0","3.8.1","3.8.2","3.9.0","3.9.1","3.9.2","3.9.3","3.9.4","3.9.6","3.9.7","3.9.8","3.9.9"],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/01/GHSA-j225-cvw7-qrx7/GHSA-j225-cvw7-qrx7.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N"},{"type":"CVSS_V4","score":"CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N"}]}