PYSEC-2024-3

See a problem?
Import Source
https://github.com/pypa/advisory-database/blob/main/vulns/pycryptodomex/PYSEC-2024-3.yaml
JSON Data
https://api.osv.dev/v1/vulns/PYSEC-2024-3
Aliases
Published
2024-01-05T04:15:00Z
Modified
2024-01-17T11:41:25.820005Z
Severity
  • 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.

References

Affected packages

PyPI / pycryptodomex

Package

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.19.1

Affected versions

3.*

3.4.1
3.4.2
3.4.3
3.4.5
3.4.6
3.4.7
3.4.8
3.4.9
3.4.11
3.4.12
3.5.1
3.6.0
3.6.1
3.6.3
3.6.4
3.6.5
3.6.6
3.7.0
3.7.1
3.7.2
3.7.3
3.8.0
3.8.1
3.8.2
3.9.0
3.9.1
3.9.2
3.9.3
3.9.4
3.9.6
3.9.7
3.9.8
3.9.9
3.10.1
3.10.3
3.10.4
3.11.0
3.12.0
3.13.0
3.14.0
3.14.1
3.15.0
3.16.0
3.17
3.18.0
3.19.0