Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
References
Link | Resource |
---|---|
https://github.com/sybrenstuvel/python-rsa/issues/146 | Issue Tracking Third Party Advisory |
https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667 | Exploit Issue Tracking Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KILTHBHNSDUCYV22ODLOKTICJJ7JQIQ/ | |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW/ | |
https://usn.ubuntu.com/4478-1/ | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-06-01T18:17:07
Updated: 2020-09-02T15:06:22
Reserved: 2020-06-01T00:00:00
Link: CVE-2020-13757
JSON object: View
NVD Information
Status : Modified
Published: 2020-06-01T19:15:10.067
Modified: 2023-11-07T03:16:58.040
Link: CVE-2020-13757
JSON object: View
Redhat Information
No data.
CWE