CVE-2023-52323

NameCVE-2023-52323
DescriptionPyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs1060059

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
pycryptodome (PTS)buster3.6.1-2vulnerable
bullseye3.9.7+dfsg1-1vulnerable
trixie, bookworm3.11.0+dfsg1-4vulnerable
sid3.20.0+dfsg-1vulnerable

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
pycryptodomesource(unstable)(unfixed)1060059

Notes

[bookworm] - pycryptodome <no-dsa> (Minor issue)
[bullseye] - pycryptodome <no-dsa> (Minor issue)
[buster] - pycryptodome <no-dsa> (Minor issue)
https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd (v3.19.1)

Search for package or bug name: Reporting problems