{"id":"PYSEC-2021-62","details":"python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.","aliases":["CVE-2020-25659","GHSA-hggm-jpg3-v476"],"modified":"2023-11-08T04:03:11.264590Z","published":"2021-01-11T16:15:00Z","references":[{"type":"WEB","url":"https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-hggm-jpg3-v476"}],"affected":[{"package":{"name":"cryptography","ecosystem":"PyPI","purl":"pkg:pypi/cryptography"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.2.1"}]}],"versions":["0.1","0.2","0.2.1","0.2.2","0.3","0.4","0.5","0.5.1","0.5.2","0.5.3","0.5.4","0.6","0.6.1","0.7","0.7.1","0.7.2","0.8","0.8.1","0.8.2","0.9","0.9.1","0.9.2","0.9.3","1.0","1.0.1","1.0.2","1.1","1.1.1","1.1.2","1.2","1.2.1","1.2.2","1.2.3","1.3","1.3.1","1.3.2","1.3.3","1.3.4","1.4","1.5","1.5.1","1.5.2","1.5.3","1.6","1.7","1.7.1","1.7.2","1.8","1.8.1","1.8.2","1.9","2.0","2.0.1","2.0.2","2.0.3","2.1","2.1.1","2.1.2","2.1.3","2.1.4","2.2","2.2.1","2.2.2","2.3","2.3.1","2.4","2.4.1","2.4.2","2.5","2.6","2.6.1","2.7","2.8","2.9","2.9.1","2.9.2","3.0","3.1","3.1.1","3.2"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/cryptography/PYSEC-2021-62.yaml"}}],"schema_version":"1.7.3"}