PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption · CVE-2023-52323 · GitHub Advisory Database · GitHub

PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption

Moderate severity GitHub Reviewed Published Jan 5, 2024 to the GitHub Advisory Database • Updated Jan 19, 2024

Package

pycryptodome (pip)

Affected versions

< 3.19.1

Patched versions

3.19.1

pycryptodomex (pip)

< 3.19.1

3.19.1

Description

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.

References

Published by the National Vulnerability Database

Jan 5, 2024

Published to the GitHub Advisory Database Jan 5, 2024

Reviewed Jan 5, 2024

Last updated Jan 19, 2024

Severity

Moderate

5.3

/ 10

CVSS base metrics

Attack vector

Network

Attack complexity

High

Privileges required

Low

User interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N