CVE-2020-25659
Description
python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.
Risk Information
Base Score
5.9
MODERATE
Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.252
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2020-25659 are fixed in Python-cryptography 3.2 | Windows |
| Cryptography Python library (USN-4613-1) python-cryptography_2.8-3ubuntu0.1_amd64.deb | Linux |
| Cryptography Python library (USN-4613-1) python-cryptography_2.1.4-1ubuntu1.4_i386.deb | Linux |
| Cryptography Python library (USN-4613-1) python-cryptography_2.1.4-1ubuntu1.4_amd64.deb | Linux |
| Cryptography Python library (USN-4613-1) python3-cryptography_2.8-3ubuntu0.1_amd64.deb | Linux |
| Cryptography Python library (USN-4613-1) python3-cryptography_3.0-1ubuntu0.1_i386.deb | Linux |
| Cryptography Python library (USN-4613-1) python3-cryptography_3.0-1ubuntu0.1_amd64.deb | Linux |
| Cryptography Python library (USN-4613-1) python3-cryptography_2.1.4-1ubuntu1.4_i386.deb | Linux |
| Cryptography Python library (USN-4613-1) python3-cryptography_2.1.4-1ubuntu1.4_amd64.deb | Linux |
| (RHSA-2021:1608) python-cryptography security, bug fix, and enhancement update python-cryptography-debugsource-3.2.1-4.el8.x86_64.rpm | Linux |
| (RHSA-2021:1608) python-cryptography security, bug fix, and enhancement update python3-cryptography-3.2.1-4.el8.x86_64.rpm | Linux |
| SUSE-SU-2023:0794-1(Basesystem Module 15-SP4 ) python3-PyJWT-2.4.0-150200.3.6.2.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-base-5.14.21-150400.24.49.3.150400.24.19.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-devel-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-default-devel-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-obs-build-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-obs-build-debugsource-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-syms-5.14.21-150400.24.49.4.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Legacy Module 15-SP4 ) reiserfs-kmp-default-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Legacy Module 15-SP4 ) reiserfs-kmp-default-debuginfo-5.14.21-150400.24.49.3.x86_64.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-devel-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-docs-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Basesystem Module 15-SP4 ) kernel-macros-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:0796-1(Development Tools Module 15-SP4 ) kernel-source-5.14.21-150400.24.49.4.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python-zope.interface-debuginfo-4.4.2-150000.3.4.1.x86_64.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python-zope.interface-debugsource-4.4.2-150000.3.4.1.x86_64.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-aiocontextvars-0.2.2-150100.3.3.3.x86_64.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-websockets-9.1-150100.3.3.3.x86_64.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python3-zope.interface-4.4.2-150000.3.4.1.x86_64.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python3-zope.interface-debuginfo-4.4.2-150000.3.4.1.x86_64.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) azure-cli-core-2.17.1-150100.6.18.1.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-avro-1.11.0-150100.3.3.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python3-constantly-15.1.0-150000.3.4.1.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-cryptography-vectors-3.3.2-150100.3.11.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-Deprecated-1.2.13-150100.3.3.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-humanfriendly-10.0-150100.6.3.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP4 ) python3-hyperlink-17.2.1-150000.3.4.1.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-jsondiff-1.3.0-150100.3.6.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-knack-0.9.0-150100.3.7.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-opencensus-0.8.0-150100.3.3.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-opencensus-context-0.1.2-150100.3.3.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-opencensus-ext-threading-0.1.2-150100.3.3.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-opentelemetry-api-1.5.0-150100.3.3.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP4 ) python3-PyGithub-1.43.5-150100.3.3.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Basesystem Module 15-SP4 ) python3-websocket-client-1.3.2-150100.6.7.3.noarch.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-aiocontextvars-0.2.2-150100.3.3.3.x86_64_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-websockets-9.1-150100.3.3.3.x86_64_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) azure-cli-core-2.17.1-150100.6.18.1.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-avro-1.11.0-150100.3.3.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-Deprecated-1.2.13-150100.3.3.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-humanfriendly-10.0-150100.6.3.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-jsondiff-1.3.0-150100.3.6.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-knack-0.9.0-150100.3.7.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-opencensus-0.8.0-150100.3.3.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-opencensus-context-0.1.2-150100.3.3.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-opencensus-ext-threading-0.1.2-150100.3.3.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-opentelemetry-api-1.5.0-150100.3.3.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP3 ) python3-PyGithub-1.43.5-150100.3.3.3.noarch_15_SP3.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python-zope.interface-debuginfo-4.4.2-150000.3.4.1.x86_64_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python-zope.interface-debugsource-4.4.2-150000.3.4.1.x86_64_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python3-zope.interface-4.4.2-150000.3.4.1.x86_64_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python3-zope.interface-debuginfo-4.4.2-150000.3.4.1.x86_64_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP5 ) azure-cli-core-2.17.1-150100.6.18.1.noarch_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python3-constantly-15.1.0-150000.3.4.1.noarch_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP5 ) python3-humanfriendly-10.0-150100.6.3.3.noarch_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Server Applications Module 15-SP5 ) python3-hyperlink-17.2.1-150000.3.4.1.noarch_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP5 ) python3-jsondiff-1.3.0-150100.3.6.3.noarch_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Public Cloud Module 15-SP5 ) python3-knack-0.9.0-150100.3.7.3.noarch_15_SP5.rpm | Linux |
| SUSE-SU-2023:2783-1(Basesystem Module 15-SP5 ) python3-websocket-client-1.3.2-150100.6.7.3.noarch_15_SP5.rpm | Linux |
| Openssl update (ELSA-2023-7877) openssl-1.1.1k-12.el8_9.x86_64.rpm | Linux |
| Openssl-devel update (ELSA-2023-7877) openssl-devel-1.1.1k-12.el8_9.i686.rpm | Linux |
| Openssl-devel update (ELSA-2023-7877) openssl-devel-1.1.1k-12.el8_9.x86_64.rpm | Linux |
| Openssl-libs update (ELSA-2023-7877) openssl-libs-1.1.1k-12.el8_9.i686.rpm | Linux |
| Openssl-libs update (ELSA-2023-7877) openssl-libs-1.1.1k-12.el8_9.x86_64.rpm | Linux |
| Openssl-perl update (ELSA-2023-7877) openssl-perl-1.1.1k-12.el8_9.x86_64.rpm | Linux |
| python-cryptography Security Update (ALAS2-2025-2930) python2-cryptography-1.7.2-2.amzn2.0.1.x86_64.rpm | Linux |
| Vulnerabilities CVE-2020-25659 are fixed in Python-cryptography for linux 3.2 | Linux |
| CVE-2020-25659 | NCM |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234