—

PYSEC-2021-62

Details

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

Are you affected?

Enter the version of the package you're using.

Affected packages

PyPI / cryptography

Introduced in: 0 Fixed in: 3.2.1

Fix pip install --upgrade 'cryptography>=3.2.1'

References

https://github.com/pyca/cryptography/pull/5507/commits/ce1bef6f1ee06ac497ca0c837fbd1c7ef6c2472b [WEB]
https://github.com/advisories/GHSA-hggm-jpg3-v476 [ADVISORY]