Bug 1848507 (CVE-2020-13757) - CVE-2020-13757 python-rsa: decryption of ciphertext leads to DoS
Summary: CVE-2020-13757 python-rsa: decryption of ciphertext leads to DoS
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2020-13757
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 1851171 1848508 1848509 1850329 1850330 1850385 1850966 1851172 1851173 1851174 1866148
Blocks: 1848510
TreeView+ depends on / blocked
 
Reported: 2020-06-18 13:22 UTC by Dhananjay Arunesh
Modified: 2021-04-03 16:12 UTC (History)
24 users (show)

Fixed In Version: python-rsa-4.1
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in the python-rsa package, where it does not explicitly check the ciphertext length against the key size and ignores the leading 0 bytes during the decryption of the ciphertext. This flaw allows an attacker to perform a ciphertext attack, leading to a denial of service. The highest threat from this vulnerability is to confidentiality.
Clone Of:
Environment:
Last Closed: 2020-08-18 09:15:23 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2020:3453 0 None None None 2020-08-18 05:03:26 UTC
Red Hat Product Errata RHSA-2020:3541 0 None None None 2020-08-26 22:46:57 UTC

Description Dhananjay Arunesh 2020-06-18 13:22:07 UTC 
A vulnerability was found in Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).

References:
https://github.com/sybrenstuvel/python-rsa/issues/146
https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667
Comment 1 Dhananjay Arunesh 2020-06-18 13:22:57 UTC 
Created python-rsa tracking bugs for this issue:

Affects: epel-all [bug 1848509]
Affects: fedora-all [bug 1848508]
Comment 4 Przemyslaw Roguski 2020-06-23 10:14:05 UTC 
Upstream patch: https://github.com/sybrenstuvel/python-rsa/commit/93af6f2f89a9bf28361e67716c4240e691520f30
Comment 9 Nick Tait 2020-06-25 17:05:11 UTC 
Created python-rsa tracking bugs for this issue:

Affects: openstack-rdo [bug 1851171]
Comment 11 Nick Tait 2020-06-25 17:30:30 UTC 
External References:

https://github.com/sybrenstuvel/python-rsa/issues/146
Comment 13 errata-xmlrpc 2020-08-18 05:03:23 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 4.5

Via RHSA-2020:3453 https://access.redhat.com/errata/RHSA-2020:3453
Comment 14 Product Security DevOps Team 2020-08-18 09:15:23 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2020-13757
Comment 15 errata-xmlrpc 2020-08-26 22:46:55 UTC 
This issue has been addressed in the following products:

  Red Hat OpenShift Container Platform 3.11

Via RHSA-2020:3541 https://access.redhat.com/errata/RHSA-2020:3541
Comment 17 Nick Tait 2021-04-03 16:12:37 UTC 
Statement:

In Red Hat OpenStack Platform, because the flaw has a lower impact and the fix would require a substantial amount of development, no update will be provided at this time for the RHOSP python-rsa package.
Note You need to log in before you can comment on or make changes to this bug.