PT-2024-1077 · Pypi+9 · Pycryptodome+9
Hubert Kario · Published 2024-01-04 · Updated 2024-11-18 · CVE-2023-52323
CVSS v4.0: 7.1 (High)
Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
PyCryptodome and pycryptodomex versions prior to 3.19.1
Description
The issue is a side-channel leak in OAEP decryption that can be exploited for a Manger attack. It allows a remote attacker to gain unauthorized access to protected information, because the inconsistency discloses information.
Recommendations
For versions prior to 3.19.1, update to version 3.19.1 or later to resolve the issue.
As a temporary workaround, consider restricting the use of OAEP decryption in PyCryptodome and pycryptodomex until a patch is available.
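To find deployments that still need the update, the following added example (not part of the advisory or of PyCryptodome) scans requirements-style lines for either distribution pinned below 3.19.1. The function names and the sample pins are constructed for illustration, and only the numeric release part of a version is compared.

```python
import re

FIXED = (3, 19, 1)                            # first fixed release named in the advisory
AFFECTED = {"pycryptodome", "pycryptodomex"}  # distributions named in the advisory
REQ = re.compile(r"^([A-Za-z0-9][A-Za-z0-9._-]*)\s*(?:\[[^\]]*\])?\s*(.*)$")

def normalize(name):
    """PEP 503 normalisation: lower-case, runs of '-', '_' and '.' are equivalent."""
    return re.sub(r"[-_.]+", "-", name).lower()

def release_tuple(version):
    """Numeric release as a 3-tuple ('3.9' -> (3, 9, 0)); None if it is not numeric."""
    m = re.match(r"\d+(?:\.\d+)*", version)
    if m is None:
        return None
    parts = [int(p) for p in m.group(0).split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def audit(lines):
    """Return (name, version, status) for every line naming an affected distribution
    that is pinned below the fix ('vulnerable') or has no exact pin ('unpinned')."""
    findings = []
    for raw in lines:
        # Drop comments, environment markers, pip options and line continuations.
        line = raw.split("#", 1)[0].split(";", 1)[0].split(" --", 1)[0]
        m = REQ.match(line.rstrip("\\ \t").strip())
        if m is None or normalize(m.group(1)) not in AFFECTED:
            continue
        name = normalize(m.group(1))
        pin = re.fullmatch(r"==\s*([^\s,*]+)", m.group(2).strip())
        release = release_tuple(pin.group(1)) if pin else None
        if release is None:
            findings.append((name, None, "unpinned"))   # resolved version must be checked
        elif release < FIXED:                           # tuple compare: 3.9 < 3.19.1
            findings.append((name, pin.group(1), "vulnerable"))
    return findings

# Constructed sample pins, not taken from the advisory.
SAMPLE = """\
requests==2.31.0
pycryptodome==3.18.0   # below the fix
PyCryptodomeX==3.19.1
pycryptodome==3.9
pycryptodomex>=3.10 ; python_version >= '3.8'
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE.splitlines()):
        print(finding)
```

An "unpinned" result means the line does not fix an exact version, so the version actually installed in that environment has to be checked separately.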
Fix
Side Channel Attack
Affected Products
Alt Linux
Almalinux
Centos
Debian
Linuxmint
Pycryptodome
Red Hat
Rocky Linux
Suse
Ubuntu