CVE-2023-52323: PyCryptodome and pycryptodomex side-channel leakage for OAEP decryption
(updated )
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
References
- github.com/Legrandin/pycryptodome
- github.com/Legrandin/pycryptodome/blob/master/Changelog.rst
- github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd
- github.com/advisories/GHSA-j225-cvw7-qrx7
- github.com/pypa/advisory-database/tree/main/vulns/pycryptodomex/PYSEC-2024-3.yaml
- nvd.nist.gov/vuln/detail/CVE-2023-52323
- pypi.org/project/pycryptodomex/
Code Behaviors & Features
Detect and mitigate CVE-2023-52323 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →