Search for packages
| purl | pkg:pypi/rsa@3.1.3 |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-f4rp-ce4j-xkd3
Aliases: CVE-2020-13757 GHSA-537h-rv9q-vvph PYSEC-2020-99 |
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). |
Affected by 1 other vulnerability. |
|
VCID-jeu8-p6h8-8ffx
Aliases: CVE-2020-25658 GHSA-xrx6-fmxq-rjj2 PYSEC-2020-100 |
It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. |
Affected by 0 other vulnerabilities. |
|
VCID-nqxh-d5pz-tuc1
Aliases: CVE-2016-1494 GHSA-8rjr-6qq5-pj9p PYSEC-2016-10 |
The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. |
Affected by 2 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| This package is not known to fix vulnerabilities. | ||