Question 1

Is there a bug in rsa 2.1?

Accepted Answer

Timing attacks in python-rsa It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA Fixed in rsa 4.7.

Question 2

Is there a bug in rsa?

Accepted Answer

Python-RSA decryption of ciphertext leads to DoS Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). Fixed in rsa 4.1.

Question 3

Is there a bug in rsa?

Accepted Answer

PYSEC-2020-99: advisory Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation). Fixed in rsa 4.1.

Question 4

Is there a bug in rsa 2.1?

Accepted Answer

PYSEC-2020-100: advisory It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA. Fixed in rsa 4.7.

Question 5

Is there a bug in rsa?

Accepted Answer

PYSEC-2016-10: advisory The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. Fixed in rsa 3.3.

Question 6

Is there a bug in rsa?

Accepted Answer

Python RSA allows attackers to spoof signatures The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack. Fixed in rsa 3.3.

Severity	Affected	Fixed in	Title	Status	Source
high	2.1	4.7	Timing attacks in python-rsa It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA	fixed	osv:GHSA-xrx6-fmxq-rjj2
high	any	4.1	Python-RSA decryption of ciphertext leads to DoS Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).	fixed	osv:GHSA-537h-rv9q-vvph
medium	any	4.1	PYSEC-2020-99: advisory Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).	fixed	osv:PYSEC-2020-99
medium	2.1	4.7	PYSEC-2020-100: advisory It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.	fixed	osv:PYSEC-2020-100
medium	any	3.3	PYSEC-2016-10: advisory The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.	fixed	osv:PYSEC-2016-10
medium	any	3.3	Python RSA allows attackers to spoof signatures The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.	fixed	osv:GHSA-8rjr-6qq5-pj9p

rsa known bugs