Safety vulnerability ID: 38414
The information on this page was manually curated by our Cybersecurity Intelligence Team.
Rsa 4.3 includes a fix for CVE-2020-13757: Python-RSA before 4.3 ignores leading '\0' bytes during decryption of ciphertext. This could conceivably have a security-relevant impact, e.g., by helping an attacker to infer that an application uses Python-RSA, or if the length of accepted ciphertext affects application behavior (such as by causing excessive memory allocation).
Latest version: 4.9
Pure-Python RSA implementation
support Python 2.7. This is now made explicit in the `python_requires` argument
in `setup.py`. Python 3.4 is not supported by this release.
Two security fixes have also been backported, so 4.3 = 4.0 + these two fixes.
- Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out.
- Reject ciphertexts (when decrypting) and signatures (when verifying) that have
been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks
Carnil for pointing this out.
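
The leading-zero behaviour described in the advisory and the changelog entry above, shown as an added example (not code from Python-RSA or from this page). It uses raw, unpadded RSA with a constructed toy key; the function names and the exact length check are assumptions made for illustration.

```python
# Constructed toy key: the textbook primes 61 and 53. Illustration only;
# real keys are 2048 bits or more and real encryption uses padding.
P, Q, E = 61, 53, 17
N = P * Q                              # 3233
D = 2753                               # 17 * 2753 = 46801 = 15 * 3120 + 1
KEY_BYTES = (N.bit_length() + 7) // 8  # 2 bytes for this modulus


def encrypt(m: int) -> bytes:
    """Raw RSA on an integer, returned as one fixed-width big-endian block."""
    return pow(m, E, N).to_bytes(KEY_BYTES, "big")


def decrypt_lenient(ciphertext: bytes) -> int:
    """Behaviour the advisory describes: the input length is never checked."""
    # Converting big-endian bytes to an integer discards leading zero bytes,
    # so b"\x00\x00" + c and c map to the same number.
    c = int.from_bytes(ciphertext, "big")
    return pow(c, D, N)


def decrypt_strict(ciphertext: bytes) -> int:
    """Accept only input that is exactly one modulus-sized block."""
    if len(ciphertext) != KEY_BYTES:
        raise ValueError("ciphertext length does not match key size")
    c = int.from_bytes(ciphertext, "big")
    if c >= N:
        raise ValueError("ciphertext out of range")
    return pow(c, D, N)


def demo() -> dict:
    """Compare both decryptors on a genuine and a zero-prefixed ciphertext."""
    genuine = encrypt(65)
    padded = b"\x00" * 1000 + genuine      # constructed oversized input
    result = {
        "lenient_genuine": decrypt_lenient(genuine),
        "lenient_padded": decrypt_lenient(padded),   # accepted, same plaintext
        "strict_genuine": decrypt_strict(genuine),
    }
    try:
        decrypt_strict(padded)
        result["strict_padded"] = "accepted"
    except ValueError:
        result["strict_padded"] = "rejected"
    return result


if __name__ == "__main__":
    print(demo())
```

The strict variant checks the length before any integer conversion, so an oversized input is refused without being processed.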