{"id":"CVE-2020-25657","details":"A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.","modified":"2026-04-16T00:03:39.147344952Z","published":"2021-01-12T15:15:13.720Z","related":["SUSE-FU-2024:1448-1","SUSE-RU-2025:0796-1","SUSE-RU-2025:0800-1","SUSE-SU-2022:2527-1","SUSE-SU-2022:2532-1","SUSE-SU-2022:2562-1","SUSE-SU-2022:2691-1","openSUSE-SU-2022:2562-1","openSUSE-SU-2024:12192-1"],"references":[{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1889823"}],"affected":[{"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25657.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"4.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"33"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}