PYSEC-2024-3
See a problem?- Import Source
- https://github.com/pypa/advisory-database/blob/main/vulns/pycryptodomex/PYSEC-2024-3.yaml
- JSON Data
- https://api.osv.dev/v1/vulns/PYSEC-2024-3
- Aliases
- Published
- 2024-01-05T04:15:00Z
- Modified
- 2024-01-17T11:41:25.820005Z
- Severity
-
- 5.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
- References
Affected packages
PyPI / pycryptodomex
Package
- Name
- pycryptodomex
- View open source insights on deps.dev
- Purl
- pkg:pypi/pycryptodomex
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.19.1
Affected versions
3.*
3.4.1
3.4.2
3.4.3
3.4.5
3.4.6
3.4.7
3.4.8
3.4.9
3.4.11
3.4.12
3.5.1
3.6.0
3.6.1
3.6.3
3.6.4
3.6.5
3.6.6
3.7.0
3.7.1
3.7.2
3.7.3
3.8.0
3.8.1
3.8.2
3.9.0
3.9.1
3.9.2
3.9.3
3.9.4
3.9.6
3.9.7
3.9.8
3.9.9
3.10.1
3.10.3
3.10.4
3.11.0
3.12.0
3.13.0
3.14.0
3.14.1
3.15.0
3.16.0
3.17
3.18.0
3.19.0