{"id":"CVE-2020-25659","details":"python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.","aliases":["GHSA-hggm-jpg3-v476","PYSEC-2021-62"],"modified":"2026-04-16T00:08:20.371406650Z","published":"2021-01-11T16:15:15.040Z","related":["SUSE-FU-2022:0444-1","SUSE-FU-2022:0445-1","SUSE-RU-2021:0985-1","SUSE-RU-2022:2355-1","SUSE-SU-2020:3592-1","SUSE-SU-2020:3629-1","SUSE-SU-2023:0604-1","SUSE-SU-2023:2783-1","SUSE-SU-2023:2783-2","openSUSE-SU-2020:2173-1","openSUSE-SU-2024:11223-1","openSUSE-SU-2024:13819-1"],"database_specific":{"unresolved_ranges":[{"cpe":"cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.10.0:*:*:*:*:*:*:*","source":"CPE_FIELD","extracted_events":[{"last_affected":"1.10.0"}]}]},"references":[{"type":"FIX","url":"https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpuapr2022.html"},{"type":"FIX","url":"https://www.oracle.com/security-alerts/cpujul2022.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pyca/cryptography","events":[{"introduced":"0"},{"last_affected":"c9e65222c91df8b6f61650a3460e30232962c1e0"}],"database_specific":{"cpe":"cpe:2.3:a:cryptography.io:cryptography:3.2:*:*:*:*:python:*:*","source":"CPE_FIELD","extracted_events":[{"introduced":"0"},{"last_affected":"3.2"}]}}],"versions":["0.1","0.2","0.3","0.4","0.5","0.5.1","0.6","0.7","0.8","0.9","1.0","1.1","1.2","1.3","1.4","1.5","1.6","1.7","1.8","1.9","2.0","2.1","2.2","2.3","2.4","2.4.1","2.5","2.6","2.6.1","2.7","2.8","2.9","3.0","3.1","3.2"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-25659.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}