CVE-2020-25657 — MEDIUM (5.9)

Vulnerability Description

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.

CVSS Score

5.9

MEDIUM

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
M2Crypto Project	M2Crypto	All versions
Redhat	Virtualization	4.0
Redhat	Enterprise Linux	6.0
Fedoraproject	Fedora	33

Related Weaknesses (CWE)

CWE-385

References

https://bugzilla.redhat.com/show_bug.cgi?id=1889823Issue TrackingThird Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1889823Issue TrackingThird Party Advisory

FAQ

What is CVE-2020-25657?

CVE-2020-25657 is a vulnerability with a CVSS score of 5.9 (MEDIUM). A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. Th...

How severe is CVE-2020-25657?

CVE-2020-25657 has been rated MEDIUM with a CVSS base score of 5.9/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-25657?

Check the references section above for vendor advisories and patch information. Affected products include: M2Crypto Project M2Crypto, Redhat Virtualization, Redhat Enterprise Linux, Fedoraproject Fedora.