Python-RSA decryption of ciphertext leads to DoS
High severity
GitHub Reviewed
Published Mar 24, 2021 to the GitHub Advisory Database • Updated Sep 1, 2023
Published by the National Vulnerability Database: Jun 1, 2020
Reviewed: Mar 24, 2021
Published to the GitHub Advisory Database: Mar 24, 2021
Last updated: Sep 1, 2023
Description
Python-RSA before 4.1 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
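The length check that closes this gap, shown as an added example (not Python-RSA's code or its patch): a toy textbook-RSA key built from constructed primes, with a lenient decrypt that reproduces the behaviour described above beside a strict decrypt that applies the RFC 8017 rule that ciphertext must be exactly the modulus length. All function and variable names are hypothetical.

```python
# Added illustration, not Python-RSA's code. Toy textbook RSA (no padding)
# with a constructed key that is far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537      # constructed demo primes
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # private exponent (Python 3.8+)
K = (N.bit_length() + 7) // 8              # modulus length in bytes


def encrypt(message: int) -> bytes:
    """Return the ciphertext as exactly K big-endian bytes."""
    return pow(message, E, N).to_bytes(K, "big")


def decrypt_lenient(crypto: bytes) -> int:
    """Behaviour the advisory describes: no length check, so leading
    zero bytes vanish in the bytes-to-integer conversion."""
    return pow(int.from_bytes(crypto, "big"), D, N)


def decrypt_strict(crypto: bytes) -> int:
    """Hardened form: reject any ciphertext that is not exactly K bytes
    (RFC 8017 decryption, step 1) before doing any big-integer work."""
    if len(crypto) != K:
        raise ValueError("Decryption failed")
    value = int.from_bytes(crypto, "big")
    if value >= N:
        raise ValueError("Decryption failed")
    return pow(value, D, N)


def is_rejected(crypto: bytes) -> bool:
    """True when the strict decrypt refuses the input."""
    try:
        decrypt_strict(crypto)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    good = encrypt(42)
    padded = b"\x00" * 1000 + good         # constructed over-long input
    print(decrypt_lenient(padded))         # same plaintext as for `good`
    print(is_rejected(padded), is_rejected(good))
```

Checking the length before converting bytes to an integer also keeps the size of accepted input bounded by the key size, which addresses the memory-allocation concern in the description.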
References