CVE

Id
88313  
CVE No.
CVE-2016-1494  
Status
Candidate  
Description
The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.  
Phase
Assigned (20160104)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
766866 88313 CVE-2016-1494 MLIST:[oss-security] 20160104 Re: CVE Request: python-rsa signature forgery  View
766867 88313 CVE-2016-1494 URL:http://www.openwall.com/lists/oss-security/2016/01/05/3  View
766868 88313 CVE-2016-1494 MLIST:[oss-security] 20160105 CVE Request: python-rsa signature forgery  View
766869 88313 CVE-2016-1494 URL:http://www.openwall.com/lists/oss-security/2016/01/05/1  View
766870 88313 CVE-2016-1494 MISC:https://blog.filippo.io/bleichenbacher-06-signature-forgery-in-python-rsa/  View
766871 88313 CVE-2016-1494 CONFIRM:https://bitbucket.org/sybren/python-rsa/pull-requests/14/security-fix-bb06-attack-in-verify-by/diff  View
766872 88313 CVE-2016-1494 FEDORA:FEDORA-2016-70edfbbcef  View
766873 88313 CVE-2016-1494 URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175897.html  View
766874 88313 CVE-2016-1494 FEDORA:FEDORA-2016-c845706426  View
766875 88313 CVE-2016-1494 URL:http://lists.fedoraproject.org/pipermail/package-announce/2016-January/175942.html  View
766876 88313 CVE-2016-1494 SUSE:openSUSE-SU-2016:0108  View
766877 88313 CVE-2016-1494 URL:http://lists.opensuse.org/opensuse-updates/2016-01/msg00032.html  View
766878 88313 CVE-2016-1494 BID:79829  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
2043 JVNDB-2016-002816 複数の Apple 製品のディスクイメージサブシステムにおけるカーネルメモリから重要な情報を取得される脆弱性 複数の Apple 製品のディスクイメージサブシステムには、競合状態により、カーネルメモリから重要な情報を取得される脆弱性が存在します。 CVE-2016-1807 88313 2.6 4.7 http://jvndb.jvn.jp/ja/contents/2016/JVNDB-2016-002816.html  View