x/vulndb: potential Go vuln in github.com/pyca/cryptography: CVE-2020-25659

CVE-2020-25659 references [github.com/pyca/cryptography](https://github.com/pyca/cryptography), which may be a Go module.

Description:
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

Links:
- NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-25659
- JSON: https://github.com/CVEProject/cvelist/tree/7d751fe042699f3876b56694798ea6e964c51147/2020/25xxx/CVE-2020-25659.json
- Commit: https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b
- https://www.oracle.com/security-alerts/cpuapr2022.html

See [doc/triage.md](https://github.com/golang/vulndb/blob/master/doc/triage.md) for instructions on how to triage this report.

```
module: github.com/pyca/cryptography
package: python-cryptography
description: |
    python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
cves:
  - CVE-2020-25659
links:
    commit: https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b
    context:
      - https://www.oracle.com/security-alerts/cpuapr2022.html

```

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

x/vulndb: potential Go vuln in github.com/pyca/cryptography: CVE-2020-25659 #430

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

x/vulndb: potential Go vuln in github.com/pyca/cryptography: CVE-2020-25659 #430

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions