PT-2025-35197 · Unknown · Oberon Psa Crypto Library
Published
2025-08-29
·
Updated
2025-08-29
·
CVE-2025-9071
CVSS v4.0
2.3
Low
| Vector | AV:N/AC:H/AT:N/PR:N/UI:P/VC:L/VI:N/VA:N/SC:L/SI:N/SA:N/S:N/RE:L |
Name of the Vulnerable Software and Affected Versions
Oberon PSA Crypto Library versions prior to 1.6
Description
The software uses an all-zero seed for RSA-OEAP padding instead of generated random bytes. This results in deterministic RSA, leading to a loss of confidentiality for guessable messages, recognition of repeated messages, and a loss of security proofs.
Recommendations
Update to version 1.6 or later.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Oberon Psa Crypto Library