MidnightBSD

Advisories for m2crypto_project

CVE-2020-25657 MEDIUM

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-385,NVD-CWE-Other,

Products Affected

Vendor Product Version
m2crypto_project m2crypto *
fedoraproject fedora 33
redhat virtualization 4.0
redhat enterprise_linux 7.0
redhat enterprise_linux 6.0
CVE-2023-50781

A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N 2.2 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat update_infrastructure 4
m2crypto_project m2crypto -
redhat enterprise_linux 8.0