{"id":"PYSEC-2024-3","details":"PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.","aliases":["CVE-2023-52323","GHSA-j225-cvw7-qrx7"],"modified":"2024-01-17T11:41:25.820005Z","published":"2024-01-05T04:15:00Z","references":[{"type":"WEB","url":"https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst"},{"type":"PACKAGE","url":"https://pypi.org/project/pycryptodomex/#history"}],"affected":[{"package":{"name":"pycryptodomex","ecosystem":"PyPI","purl":"pkg:pypi/pycryptodomex"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.19.1"}]}],"versions":["3.10.1","3.10.3","3.10.4","3.11.0","3.12.0","3.13.0","3.14.0","3.14.1","3.15.0","3.16.0","3.17","3.18.0","3.19.0","3.4.1","3.4.11","3.4.12","3.4.2","3.4.3","3.4.5","3.4.6","3.4.7","3.4.8","3.4.9","3.5.1","3.6.0","3.6.1","3.6.3","3.6.4","3.6.5","3.6.6","3.7.0","3.7.1","3.7.2","3.7.3","3.8.0","3.8.1","3.8.2","3.9.0","3.9.1","3.9.2","3.9.3","3.9.4","3.9.6","3.9.7","3.9.8","3.9.9"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/pycryptodomex/PYSEC-2024-3.yaml"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}