CVE-2020-13757
HIGHPython-RSA < 4.1 - Use of a Broken or Risky Cryptographic Algorithm
Title source: llmDescription
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
References (5)
Core 5
Core References
Issue Tracking, Third Party Advisory x_refsource_misc
https://github.com/sybrenstuvel/python-rsa/issues/146
Exploit, Issue Tracking, Third Party Advisory x_refsource_confirm
https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KILTHBHNSDUCYV22ODLOKTICJJ7JQIQ/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW/
Third Party Advisory vendor-advisory
x_refsource_ubuntu
https://usn.ubuntu.com/4478-1/
Scores
CVSS v3
7.5
EPSS
0.0010
EPSS Percentile
26.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-327
Status
published
Products (5)
canonical/ubuntu_linux
14.04
fedoraproject/fedora
31
fedoraproject/fedora
32
pypi/rsa
0 - 4.1PyPI
python-rsa_project/python-rsa
< 4.1
Published
Jun 01, 2020
Tracked Since
Feb 18, 2026