{"id":"CVE-2020-25658","details":"It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.","aliases":["ECHO-28ab-14a8-957a","GHSA-xrx6-fmxq-rjj2","PYSEC-2020-100"],"modified":"2026-04-16T00:01:54.100940860Z","published":"2020-11-12T14:15:22.877Z","related":["SUSE-SU-2022:3932-1","SUSE-SU-2023:0648-1","openSUSE-SU-2024:11269-1","openSUSE-SU-2024:14163-1"],"database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpe":"cpe:2.3:a:redhat:openstack_platform:13.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"13.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:a:redhat:openstack_platform:16.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"16.0"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"33"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"34"}]},{"source":"CPE_FIELD","cpe":"cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"35"}]}]},"references":[{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7/"},{"type":"REPORT","url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658"},{"type":"REPORT","url":"https://github.com/sybrenstuvel/python-rsa/issues/165"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/sybrenstuvel/python-rsa","events":[{"introduced":"0"},{"fixed":"fa3282a47457254385f2313c2eceaad4b06186a4"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:python-rsa_project:python-rsa:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"2.1"},{"fixed":"4.7"}]}}],"versions":["version-1.1","version-1.2","version-1.3","version-1.3.1","version-1.3.2","version-1.3.3","version-2.0","version-3.0","version-3.0.1","version-3.1","version-3.1.1","version-3.1.2","version-3.1.3","version-3.1.4","version-3.2","version-3.2.1","version-3.2.2","version-3.2.3","version-3.3","version-3.4","version-4.0","version-4.1","version-4.2","version-4.4","version-4.4.1","version-4.6"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25658.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}