CVE-2016-1494

The verify function in the RSA package for Python (Python-RSA) before 3.3 allows attackers to spoof signatures with a small public exponent via crafted signature padding, aka a BERserk attack.
Severity
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Atk. Vector
NETWORK
Atk. Complexity
LOW
Priv. Required
NONE
Base Score
CVSS 3.x
EPSS Score
Percentile: 72%
VendorProductVersion
pythonrsa
𝑥
< 3.3
opensuseleap
42.1
opensuseopensuse
13.1
opensuseopensuse
13.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
python-rsa
bullseye
4.0-4
fixed
bookworm
4.8-1
fixed
sid
4.9-2
fixed
trixie
4.9-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
python-rsa
bionic
not-affected
artful
not-affected
zesty
ignored
yakkety
ignored
xenial
not-affected
wily
ignored
vivid
ignored
trusty
Fixed 3.1.2-1ubuntu0.1
released
precise
dne