PT-2020-13658 · Python+5 · Python-Rsa+5

Adelapie · Published 2020-05-27 · Updated 2024-07-12 · CVE-2020-13757

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Python-RSA versions prior to 4.1

Description

The issue concerns the decryption of ciphertext, where leading '0' bytes are ignored. This could potentially have security implications, such as helping an attacker infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior, like causing excessive memory allocation.

Recommendations

For versions prior to 4.1, update to version 4.1 or later to resolve the issue.
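
The behaviour described above, as an added example that is not Python-RSA's code: a textbook RSA toy shows that converting ciphertext bytes to an integer discards leading zero bytes, and that comparing the ciphertext length with the modulus length rejects such inputs. The key, the function names and the exception class are constructed for illustration.

```python
# Added illustration, not Python-RSA source. Textbook RSA without padding,
# using a constructed and deliberately tiny key. Requires Python 3.8+.

P, Q, E = 61, 53, 17                  # constructed toy primes and exponent
N = P * Q                             # modulus
D = pow(E, -1, (P - 1) * (Q - 1))     # private exponent
K = (N.bit_length() + 7) // 8         # modulus length in bytes


class CiphertextLengthError(ValueError):
    """Ciphertext length differs from the modulus length."""


def encrypt(m: int) -> bytes:
    if not 0 <= m < N:
        raise ValueError("message representative out of range")
    return pow(m, E, N).to_bytes(K, "big")   # always exactly K bytes


def decrypt_lenient(ct: bytes) -> int:
    # int.from_bytes() ignores leading zero bytes, so ct and
    # b"\x00" * n + ct map to the same integer and the same plaintext.
    return pow(int.from_bytes(ct, "big"), D, N)


def decrypt_strict(ct: bytes) -> int:
    # Check the length before any conversion: this rejects zero-prefixed
    # ciphertexts and bounds how much input is ever processed.
    if len(ct) != K:
        raise CiphertextLengthError(f"expected {K} bytes, got {len(ct)}")
    c = int.from_bytes(ct, "big")
    if c >= N:
        raise ValueError("ciphertext representative out of range")
    return pow(c, D, N)


def demo() -> tuple:
    ct = encrypt(65)
    padded = b"\x00" * 4 + ct          # constructed zero-prefixed variant
    try:
        decrypt_strict(padded)
        rejected = False
    except CiphertextLengthError:
        rejected = True
    return decrypt_lenient(ct), decrypt_lenient(padded), rejected


if __name__ == "__main__":
    print(demo())
```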

Exploit

Fix

Weakness Enumeration

Use of a Broken Cryptographic Algorithm

Related Identifiers

BDU:2025-03987
CVE-2020-13757
GHSA-537H-RV9Q-VVPH
MGASA-2020-0364
OPENSUSE-SU-2021:0901-1
OPENSUSE-SU-2021:2008-1
OPENSUSE-SU-2021_0901-1
OPENSUSE-SU-2021_2008-1
OPENSUSE-SU-2024:11269-1
OPENSUSE-SU-2024:14163-1
PYSEC-2020-99
RHSA-2020:3453
RHSA-2020:3541
SUSE-SU-2021:2008-1
SUSE-SU-2021:2237-1
SUSE-SU-2021:2253-1
SUSE-SU-2021_2008-1
SUSE-SU-2021_2237-1
SUSE-SU-2022:3287-1
USN-4478-1
USN-4478-2

Affected Products

Astra Linux
Debian
Linuxmint
Python-Rsa
Suse
Ubuntu