Search for packages
| purl | pkg:deb/debian/python-rsa@4.0-4?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-f4rp-ce4j-xkd3
Aliases: CVE-2020-13757 GHSA-537h-rv9q-vvph PYSEC-2020-99 |
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). |
Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-nqxh-d5pz-tuc1 | The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. |
CVE-2016-1494
GHSA-8rjr-6qq5-pj9p PYSEC-2016-10 |
| Date | Actor | Action | Vulnerability | Source | VulnerableCode Version |
|---|---|---|---|---|---|
| 2026-05-01T23:20:15.556621+00:00 | Debian Importer | Fixing | VCID-nqxh-d5pz-tuc1 | https://security-tracker.debian.org/tracker/data/json | 38.6.0 |
| 2026-04-28T13:52:21.640983+00:00 | Debian Importer | Affected by | VCID-f4rp-ce4j-xkd3 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-16T09:19:45.470994+00:00 | Debian Importer | Fixing | VCID-nqxh-d5pz-tuc1 | https://security-tracker.debian.org/tracker/data/json | 38.4.0 |
| 2026-04-11T18:13:58.338257+00:00 | Debian Importer | Fixing | VCID-nqxh-d5pz-tuc1 | https://security-tracker.debian.org/tracker/data/json | 38.3.0 |
| 2026-04-03T07:50:53.494748+00:00 | Debian Importer | Affected by | VCID-f4rp-ce4j-xkd3 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |
| 2026-04-03T07:50:53.469059+00:00 | Debian Importer | Fixing | VCID-nqxh-d5pz-tuc1 | https://security-tracker.debian.org/tracker/data/json | 38.1.0 |