{"id":"PYSEC-2020-100","details":"It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.","aliases":["CVE-2020-25658","GHSA-xrx6-fmxq-rjj2"],"modified":"2023-11-08T04:03:11.202381Z","published":"2020-11-12T14:15:00Z","references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658"},{"type":"REPORT","url":"https://github.com/sybrenstuvel/python-rsa/issues/165"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-xrx6-fmxq-rjj2"}],"affected":[{"package":{"name":"rsa","ecosystem":"PyPI","purl":"pkg:pypi/rsa"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"2.1"},{"fixed":"4.7"}]}],"versions":["3.0","3.0.1","3.1","3.1.1","3.1.2","3.1.3","3.1.4","3.2","3.2.1","3.2.2","3.2.3","3.3","3.4","3.4.1","3.4.2","4.0","4.1","4.1.1","4.2","4.3","4.4","4.4.1","4.5","4.6"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/rsa/PYSEC-2020-100.yaml"}}],"schema_version":"1.7.3"}