CVE-2020-26263

tlslite-ng is an open source Python library that implements the SSL and TLS cryptographic protocols. In tlslite-ng before versions 0.7.6 and 0.8.0-alpha39, the code that performs decryption and the padding check in RSA PKCS#1 v1.5 decryption is data-dependent. In particular, the code leaks information about the decrypted ciphertext in multiple ways: it aborts as soon as the plaintext doesn't start with 0x00, 0x02. All TLS servers that enable RSA key exchange, as well as applications that use the RSA decryption API directly, are vulnerable. This is patched in versions 0.7.6 and 0.8.0-alpha39. Note: the patches depend on Python processing the individual bytes in a side-channel-free manner, which is known not to be the case (see reference). As such, users that require side-channel resistance are recommended to use different TLS implementations, as stated in the security policy of tlslite-ng.
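The early-abort behaviour described above, next to a check that touches every byte before deciding, as an added example (not tlslite-ng's code or its patch). The `steps` counter is a constructed stand-in for running time and the sample blocks are constructed. As the note above says, Python's own byte handling still varies with the data, so the second function shows the structure of such a fix, not a side-channel-free implementation.

```python
# Added example, not tlslite-ng code. EM layout: 00 02 | PS (>= 8 non-zero) | 00 | M
# "steps" is a constructed, deterministic stand-in for observable running time.

def leaky_unpad(em):
    """Early-abort check: the amount of work depends on the plaintext."""
    steps = 1
    if em[0] != 0x00 or em[1] != 0x02:
        return None, steps                  # aborts on the first two bytes
    for i in range(2, len(em)):
        steps += 1
        if em[i] == 0x00:                   # first separator ends the scan
            if i < 10:                      # padding string shorter than 8
                return None, steps
            return em[i + 1:], steps
    return None, steps                      # no separator found


def uniform_unpad(em):
    """Touches every byte and folds all checks into one flag, no early exit."""
    steps = 1
    bad = em[0] | (em[1] ^ 0x02)            # non-zero if the header is wrong
    sep = 0                                 # index of the first 0x00 separator
    found = 0                               # 1 once a separator has been seen
    for i in range(2, len(em)):
        steps += 1
        is_zero = ((em[i] - 1) >> 8) & 1    # 1 only when em[i] == 0
        sep |= i * (is_zero & (found ^ 1))  # record the first separator only
        found |= is_zero
    bad |= found ^ 1                        # no separator at all
    bad |= ((sep - 10) >> 16) & 1           # separator before index 10
    # One data-dependent decision, taken after the whole block was processed.
    return (None if bad else em[sep + 1:]), steps


# Constructed 17-byte sample blocks (real blocks are as long as the modulus).
SAMPLES = {
    "valid": b"\x00\x02" + b"\xff" * 8 + b"\x00" + b"secret",
    "wrong_header": b"\x00\x01" + b"\xff" * 8 + b"\x00" + b"secret",
    "short_padding": b"\x00\x02" + b"\xff" * 3 + b"\x00" + b"\xaa" * 11,
    "no_separator": b"\x00\x02" + b"\xff" * 15,
}

if __name__ == "__main__":
    for name, em in SAMPLES.items():
        print(name, "leaky:", leaky_unpad(em), "uniform:", uniform_unpad(em))
```

With the early-abort version, each kind of malformed block produces a different step count; with the uniform version, all four blocks cost the same number of steps and only the final accept or reject differs.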
Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector
NIST | NIST | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
GitHub_M | CNA | 7.5 HIGH | NETWORK | LOW | NONE | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVE | ADP | --- | ---
EPSS Score percentile: 47%
Vulnerable software versions:

Vendor | Product | Version
tlslite-ng_project | tlslite-ng | < 0.7.6
tlslite-ng_project | tlslite-ng | 0.8.0:alpha1
tlslite-ng_project | tlslite-ng | 0.8.0:alpha10
tlslite-ng_project | tlslite-ng | 0.8.0:alpha11
tlslite-ng_project | tlslite-ng | 0.8.0:alpha12
tlslite-ng_project | tlslite-ng | 0.8.0:alpha13
tlslite-ng_project | tlslite-ng | 0.8.0:alpha14
tlslite-ng_project | tlslite-ng | 0.8.0:alpha15
tlslite-ng_project | tlslite-ng | 0.8.0:alpha16
tlslite-ng_project | tlslite-ng | 0.8.0:alpha17
tlslite-ng_project | tlslite-ng | 0.8.0:alpha18
tlslite-ng_project | tlslite-ng | 0.8.0:alpha19
tlslite-ng_project | tlslite-ng | 0.8.0:alpha2
tlslite-ng_project | tlslite-ng | 0.8.0:alpha20
tlslite-ng_project | tlslite-ng | 0.8.0:alpha21
tlslite-ng_project | tlslite-ng | 0.8.0:alpha22
tlslite-ng_project | tlslite-ng | 0.8.0:alpha23
tlslite-ng_project | tlslite-ng | 0.8.0:alpha24
tlslite-ng_project | tlslite-ng | 0.8.0:alpha25
tlslite-ng_project | tlslite-ng | 0.8.0:alpha26
tlslite-ng_project | tlslite-ng | 0.8.0:alpha27
tlslite-ng_project | tlslite-ng | 0.8.0:alpha28
tlslite-ng_project | tlslite-ng | 0.8.0:alpha29
tlslite-ng_project | tlslite-ng | 0.8.0:alpha3
tlslite-ng_project | tlslite-ng | 0.8.0:alpha30
tlslite-ng_project | tlslite-ng | 0.8.0:alpha31
tlslite-ng_project | tlslite-ng | 0.8.0:alpha32
tlslite-ng_project | tlslite-ng | 0.8.0:alpha33
tlslite-ng_project | tlslite-ng | 0.8.0:alpha34
tlslite-ng_project | tlslite-ng | 0.8.0:alpha35
tlslite-ng_project | tlslite-ng | 0.8.0:alpha36
tlslite-ng_project | tlslite-ng | 0.8.0:alpha37
tlslite-ng_project | tlslite-ng | 0.8.0:alpha38
tlslite-ng_project | tlslite-ng | 0.8.0:alpha4
tlslite-ng_project | tlslite-ng | 0.8.0:alpha5
tlslite-ng_project | tlslite-ng | 0.8.0:alpha6
tlslite-ng_project | tlslite-ng | 0.8.0:alpha7
tlslite-ng_project | tlslite-ng | 0.8.0:alpha8
tlslite-ng_project | tlslite-ng | 0.8.0:alpha9
Ubuntu Releases

Codename | Ubuntu Product: tlslite-ng
noble | dne
mantic | dne
lunar | dne
kinetic | dne
jammy | dne
impish | dne
hirsute | dne
groovy | dne
focal | dne
bionic | needs-triage
xenial | needs-triage
trusty | dne