GHSA-944j-8ch6-rf6x
Suggest an improvement- Source
- https://github.com/advisories/GHSA-944j-8ch6-rf6x
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/02/GHSA-944j-8ch6-rf6x/GHSA-944j-8ch6-rf6x.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-944j-8ch6-rf6x
- Aliases
- Published
- 2024-02-05T21:30:31Z
- Modified
- 2024-02-16T08:24:18.913817Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- m2crypto Bleichenbacher timing attack - incomplete fix for CVE-2020-25657
- Details
-
A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.
- Database specific
{ "github_reviewed": true, "cwe_ids": [ "CWE-208" ], "github_reviewed_at": "2024-02-05T22:41:57Z", "nvd_published_at": "2024-02-05T21:15:10Z", "severity": "MODERATE" }- References
Affected packages
PyPI / m2crypto
Package
- Name
- m2crypto
- View open source insights on deps.dev
- Purl
- pkg:pypi/m2crypto
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected0.40.1
Affected versions
0.*
0.11
0.13
0.15
0.16
0.17
0.18
0.18.1
0.18.2
0.19
0.19.1
0.20beta1
0.20
0.20.1
0.20.2
0.21
0.21.1
0.22.3
0.22.4
0.22.5
0.23.0
0.24.0
0.25.0
0.25.1
0.26.0
0.26.2
0.26.3
0.26.4
0.27.0
0.28.0
0.28.1
0.28.2
0.29.0
0.30.0
0.30.1
0.31.0
0.32.0
0.33.0
0.34.0
0.35.0
0.35.1
0.35.2
0.36.0
0.37.0
0.37.1
0.38.0
0.39.0
0.40.0
0.40.1