Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T12:25:16.505Z

Reserved: 2020-06-01T00:00:00

Link: CVE-2020-13757

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2020-06-01T19:15:10.067

Modified: 2024-11-21T05:01:47.397

Link: CVE-2020-13757

cve-icon Redhat

Severity : Moderate

Publid Date: 2020-05-27T00:00:00Z

Links: CVE-2020-13757 - Bugzilla

cve-icon OpenCVE Enrichment

No data.