{"id":"CVE-2020-13757","details":"Python-RSA before 4.1 ignores leading '\\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).","aliases":["GHSA-537h-rv9q-vvph","PYSEC-2020-99"],"modified":"2026-04-09T06:51:36.059615Z","published":"2020-06-01T19:15:10.067Z","related":["MGASA-2020-0364","SUSE-SU-2021:2008-1","SUSE-SU-2021:2237-1","SUSE-SU-2021:2253-1","SUSE-SU-2022:3287-1","openSUSE-SU-2021:0901-1","openSUSE-SU-2021:2008-1","openSUSE-SU-2024:11269-1","openSUSE-SU-2024:14163-1"],"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KILTHBHNSDUCYV22ODLOKTICJJ7JQIQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/4478-1/"},{"type":"REPORT","url":"https://github.com/sybrenstuvel/python-rsa/issues/146"},{"type":"REPORT","url":"https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sybrenstuvel/python-rsa","events":[{"introduced":"0"},{"fixed":"c6731b1dda461676b998a18004b23a9879378041"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"4.1"}]}}],"versions":["version-1.1","version-1.2","version-1.3","version-1.3.1","version-1.3.2","version-1.3.3","version-2.0","version-3.0","version-3.0.1","version-3.1","version-3.1.1","version-3.1.2","version-3.1.3","version-3.1.4","version-3.2","version-3.2.1","version-3.2.2","version-3.2.3","version-3.3","version-3.4","version-4.0"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-13757.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"31"}]},{"events":[{"introduced":"0"},{"last_affected":"32"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}