CVE-2020-13757

MEDIUM

Description

Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).

References

https://github.com/sybrenstuvel/python-rsa/issues/146

https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667

https://lists.fedoraproject.org/archives/list/[email protected]/message/2KILTHBHNSDUCYV22ODLOKTICJJ7JQIQ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW/

https://usn.ubuntu.com/4478-1/

Details

Source: MITRE

Published: 2020-06-01

Updated: 2020-09-02

Type: CWE-327

Risk Information

CVSS v2.0

Base Score: 5

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 10

Severity: MEDIUM

CVSS v3.0

Base Score: 7.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 3.9

Severity: HIGH

Tenable Plugins

View all (12 total)

IDNameProductFamilySeverity
142317EulerOS 2.0 SP2 : python-rsa (EulerOS-SA-2020-2390)NessusHuawei Local Security Checks
medium
142111EulerOS 2.0 SP5 : python-rsa (EulerOS-SA-2020-2267)NessusHuawei Local Security Checks
medium
140998EulerOS Virtualization for ARM 64 3.0.6.0 : python-rsa (EulerOS-SA-2020-2050)NessusHuawei Local Security Checks
medium
140837EulerOS 2.0 SP3 : python-rsa (EulerOS-SA-2020-2070)NessusHuawei Local Security Checks
medium
140350EulerOS Virtualization for ARM 64 3.0.2.0 : python-rsa (EulerOS-SA-2020-1980)NessusHuawei Local Security Checks
medium
140090Amazon Linux AMI : python26-rsa (ALAS-2020-1421)NessusAmazon Linux Local Security Checks
medium
139981EulerOS 2.0 SP8 : python-rsa (EulerOS-SA-2020-1878)NessusHuawei Local Security Checks
medium
139919RHEL 7 : OpenShift Container Platform 3.11 (RHSA-2020:3541)NessusRed Hat Local Security Checks
medium
139621RHEL 7 : OpenShift Container Platform 4.5.6 (RHSA-2020:3453)NessusRed Hat Local Security Checks
medium
139338Amazon Linux 2 : python-rsa (ALAS-2020-1470)NessusAmazon Linux Local Security Checks
medium
138403Fedora 32 : python-rsa (2020-5ed5627d2b)NessusFedora Local Security Checks
medium
138399Fedora 31 : python-rsa (2020-253ebe55ff)NessusFedora Local Security Checks
medium