Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-5ju3-cs33-8ygx

Summary tlslite-ng is an open source python library that implements SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and padding check in RSA PKCS#1 v1.5 decryption is data dependant. In particular, the code has multiple ways in which it leaks information about the decrypted ciphertext. It aborts as soon as the plaintext doesn't start with 0x00, 0x02. All TLS servers that enable RSA key exchange as well as applications that use the RSA decryption API directly are vulnerable. This is patched in versions 0.7.6 and 0.8.0-alpha39. Note: the patches depend on Python processing the individual bytes in side-channel free manner, this is known to not the case (see reference). As such, users that require side-channel resistance are recommended to use different TLS implementations, as stated in the security policy of tlslite-ng.

Aliases

alias	CVE-2020-26263

alias	GHSA-wvcv-832q-fjg7

alias	PYSEC-2020-143

Fixed_packages

url	pkg:pypi/tlslite-ng@0.7.6
purl	pkg:pypi/tlslite-ng@0.7.6
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.6

Affected_packages

url pkg:pypi/tlslite-ng@0.5.0b1

purl pkg:pypi/tlslite-ng@0.5.0b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b1

url pkg:pypi/tlslite-ng@0.5.0b2

purl pkg:pypi/tlslite-ng@0.5.0b2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b2

url pkg:pypi/tlslite-ng@0.5.0b3

purl pkg:pypi/tlslite-ng@0.5.0b3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b3

url pkg:pypi/tlslite-ng@0.5.0b4

purl pkg:pypi/tlslite-ng@0.5.0b4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b4

url pkg:pypi/tlslite-ng@0.5.0b5

purl pkg:pypi/tlslite-ng@0.5.0b5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b5

url pkg:pypi/tlslite-ng@0.5.0b6

purl pkg:pypi/tlslite-ng@0.5.0b6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0b6

url pkg:pypi/tlslite-ng@0.5.0

purl pkg:pypi/tlslite-ng@0.5.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.0

url pkg:pypi/tlslite-ng@0.5.1

purl pkg:pypi/tlslite-ng@0.5.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.1

url pkg:pypi/tlslite-ng@0.5.2

purl pkg:pypi/tlslite-ng@0.5.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.5.2

url pkg:pypi/tlslite-ng@0.6.0a1

purl pkg:pypi/tlslite-ng@0.6.0a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0a1

url pkg:pypi/tlslite-ng@0.6.0a2

purl pkg:pypi/tlslite-ng@0.6.0a2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0a2

url pkg:pypi/tlslite-ng@0.6.0a3

purl pkg:pypi/tlslite-ng@0.6.0a3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0a3

url pkg:pypi/tlslite-ng@0.6.0a4

purl pkg:pypi/tlslite-ng@0.6.0a4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0a4

url pkg:pypi/tlslite-ng@0.6.0a5

purl pkg:pypi/tlslite-ng@0.6.0a5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0a5

url pkg:pypi/tlslite-ng@0.6.0b1

purl pkg:pypi/tlslite-ng@0.6.0b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0b1

url pkg:pypi/tlslite-ng@0.6.0

purl pkg:pypi/tlslite-ng@0.6.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.6.0

url pkg:pypi/tlslite-ng@0.7.0a1

purl pkg:pypi/tlslite-ng@0.7.0a1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a1

url pkg:pypi/tlslite-ng@0.7.0a2

purl pkg:pypi/tlslite-ng@0.7.0a2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a2

url pkg:pypi/tlslite-ng@0.7.0a3

purl pkg:pypi/tlslite-ng@0.7.0a3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a3

url pkg:pypi/tlslite-ng@0.7.0a4

purl pkg:pypi/tlslite-ng@0.7.0a4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a4

url pkg:pypi/tlslite-ng@0.7.0a5

purl pkg:pypi/tlslite-ng@0.7.0a5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a5

url pkg:pypi/tlslite-ng@0.7.0a6

purl pkg:pypi/tlslite-ng@0.7.0a6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a6

url pkg:pypi/tlslite-ng@0.7.0a7

purl pkg:pypi/tlslite-ng@0.7.0a7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a7

url pkg:pypi/tlslite-ng@0.7.0a8

purl pkg:pypi/tlslite-ng@0.7.0a8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a8

url pkg:pypi/tlslite-ng@0.7.0a9

purl pkg:pypi/tlslite-ng@0.7.0a9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0a9

url pkg:pypi/tlslite-ng@0.7.0b1

purl pkg:pypi/tlslite-ng@0.7.0b1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0b1

url pkg:pypi/tlslite-ng@0.7.0

purl pkg:pypi/tlslite-ng@0.7.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.0

url pkg:pypi/tlslite-ng@0.7.1

purl pkg:pypi/tlslite-ng@0.7.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.1

url pkg:pypi/tlslite-ng@0.7.2

purl pkg:pypi/tlslite-ng@0.7.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.2

url pkg:pypi/tlslite-ng@0.7.3

purl pkg:pypi/tlslite-ng@0.7.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

vulnerability	VCID-q2yu-yvd5-sbhs

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.3

url pkg:pypi/tlslite-ng@0.7.4

purl pkg:pypi/tlslite-ng@0.7.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.4

url pkg:pypi/tlslite-ng@0.7.5

purl pkg:pypi/tlslite-ng@0.7.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5ju3-cs33-8ygx

resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/tlslite-ng@0.7.5

References

reference_url	https://github.com/tlsfuzzer/tlslite-ng/commit/c28d6d387bba59d8bd5cb3ba15edc42edf54b368
reference_id
reference_type
scores
url	https://github.com/tlsfuzzer/tlslite-ng/commit/c28d6d387bba59d8bd5cb3ba15edc42edf54b368

reference_url	https://github.com/tlsfuzzer/tlslite-ng/pull/438
reference_id
reference_type
scores
url	https://github.com/tlsfuzzer/tlslite-ng/pull/438

reference_url	https://github.com/tlsfuzzer/tlslite-ng/pull/439
reference_id
reference_type
scores
url	https://github.com/tlsfuzzer/tlslite-ng/pull/439

reference_url	https://github.com/tlsfuzzer/tlslite-ng/security/advisories/GHSA-wvcv-832q-fjg7
reference_id
reference_type
scores
url	https://github.com/tlsfuzzer/tlslite-ng/security/advisories/GHSA-wvcv-832q-fjg7

reference_url	https://pypi.org/project/tlslite-ng/
reference_id
reference_type
scores
url	https://pypi.org/project/tlslite-ng/

reference_url	https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/
reference_id
reference_type
scores
url	https://securitypitfalls.wordpress.com/2018/08/03/constant-time-compare-in-python/

Weaknesses

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5ju3-cs33-8ygx

Vulnerability Instance