{"id":"PYSEC-2020-99","details":"Python-RSA before 4.1 ignores leading '\\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).","aliases":["CVE-2020-13757","GHSA-537h-rv9q-vvph"],"modified":"2023-11-01T04:51:48.252045Z","published":"2020-06-01T19:15:00Z","references":[{"type":"REPORT","url":"https://github.com/sybrenstuvel/python-rsa/issues/146"},{"type":"REPORT","url":"https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2KILTHBHNSDUCYV22ODLOKTICJJ7JQIQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW/"},{"type":"WEB","url":"https://usn.ubuntu.com/4478-1/"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-537h-rv9q-vvph"}],"affected":[{"package":{"name":"rsa","ecosystem":"PyPI","purl":"pkg:pypi/rsa"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"4.1"}]}],"versions":["1.1","1.2","1.3","1.3.1","1.3.2","1.3.3","2.0","3.0","3.0.1","3.1","3.1.1","3.1.2","3.1.3","3.1.4","3.2","3.2.1","3.2.2","3.2.3","3.3","3.4","3.4.1","3.4.2","4.0"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/rsa/PYSEC-2020-99.yaml"}}],"schema_version":"1.7.3"}