UBUNTU-CVE-2016-6298

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2016-6298

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2016/UBUNTU-CVE-2016-6298.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2016-6298

Related

CVE-2016-6298

Published

2016-09-01T23:59:00Z

Modified

2025-06-02T17:08:32Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The _Rsa15 class in the RSA 1.5 algorithm implementation in jwa.py in jwcrypto before 0.3.2 lacks the Random Filling protection mechanism, which makes it easier for remote attackers to obtain cleartext data via a Million Message Attack (MMA).

References

Affected packages

Ubuntu:Pro:16.04:LTS / python-jwcrypto

Package

Name: python-jwcrypto
Purl: pkg:deb/ubuntu/python-jwcrypto@0.2.1-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.2.1-1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:18.04:LTS / python-jwcrypto

Package

Name: python-jwcrypto
Purl: pkg:deb/ubuntu/python-jwcrypto@0.4.2-1?arch=source&distro=bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.4.2-1

Affected versions

0.*

0.3.2-1

Ecosystem specific

{
    "availability": "No subscription required",
    "binaries": [
        {
            "binary_name": "python-jwcrypto",
            "binary_version": "0.4.2-1"
        },
        {
            "binary_name": "python3-jwcrypto",
            "binary_version": "0.4.2-1"
        }
    ],
    "ubuntu_priority": "medium"
}