author | Sybren A. Stüvel <sybren@stuvel.eu> | 2020-06-03 14:39:23 +0200 |
---|---|---|
committer | Sybren A. Stüvel <sybren@stuvel.eu> | 2020-06-03 14:57:17 +0200 |
commit | 93af6f2f89a9bf28361e67716c4240e691520f30 (patch) | |
tree | 5ecc5885aed6da135fed8e6cb4ddc591c3eb6531 /CHANGELOG.md | |
parent | ae1a906952557f616706f79c66030fd812e48cdf (diff) | |
download | rsa-git-93af6f2f89a9bf28361e67716c4240e691520f30.tar.gz |

Fix CVE-2020-13757: detect cyphertext modifications by prepending zero bytes

Reject cyphertexts that have been modified by prepending zero bytes, by
checking the cyphertext length against the expected size (given the
decryption key). This resolves CVE-2020-13757.

The same approach is used when verifying a signature.

Thanks Carnil for pointing this out on https://github.com/sybrenstuvel/python-rsa/issues/146

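
The length check described in the commit message, as an added example that is not part of the commit or of python-rsa's code: a toy textbook-RSA key (constructed values, no padding) shows that byte-to-integer conversion ignores prepended zero bytes, and that comparing the ciphertext length with the key size rejects them. The names `decrypt_lenient` and `decrypt_strict` and the key parameters are assumptions made for the illustration; Python 3.8+ is assumed for the modular inverse.

```python
# Added illustration, not python-rsa code. Toy key built from two known
# Mersenne primes; textbook RSA without padding, for demonstration only.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))      # private exponent (Python 3.8+)
KEY_BYTES = (N.bit_length() + 7) // 8  # expected ciphertext size: 12 bytes


def encrypt(message: bytes) -> bytes:
    """Encrypt and emit a ciphertext of exactly KEY_BYTES bytes."""
    m = int.from_bytes(message, "big")
    if m >= N:
        raise ValueError("message too long for this key")
    return pow(m, E, N).to_bytes(KEY_BYTES, "big")


def decrypt_lenient(ciphertext: bytes) -> bytes:
    """No length check: any number of leading zero bytes is ignored,
    because they do not change the integer value of the ciphertext."""
    m = pow(int.from_bytes(ciphertext, "big"), D, N)
    return m.to_bytes(max(1, (m.bit_length() + 7) // 8), "big")


def decrypt_strict(ciphertext: bytes) -> bytes:
    """Same decryption, but the ciphertext must match the key size."""
    if len(ciphertext) != KEY_BYTES:
        raise ValueError("ciphertext length does not match key size")
    return decrypt_lenient(ciphertext)


def is_rejected(ciphertext: bytes) -> bool:
    """True when the strict decryptor refuses the ciphertext."""
    try:
        decrypt_strict(ciphertext)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    ct = encrypt(b"hi!")                 # constructed sample message
    modified = b"\x00\x00" + ct          # same integer, different bytes
    print(decrypt_lenient(modified))     # still decrypts without the check
    print(is_rejected(modified), is_rejected(ct))
```
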
Diffstat (limited to 'CHANGELOG.md')
-rw-r--r-- | CHANGELOG.md | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 1aae86d..8acc44d 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,9 @@ is natively supported by Python 3.6+ and supported via a third-party library on Python 3.5. - Choose blinding factor relatively prime to N. Thanks Christian Heimes for pointing this out. +- Reject cyphertexts (when decrypting) and signatures (when verifying) that have + been modified by prepending zero bytes. This resolves CVE-2020-13757. Thanks + Carnil for pointing this out. ## Version 4.0 - released 2018-09-16 |
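Review bot: The added CHANGELOG entry (the three `+` lines after the "Choose blinding factor" item) says modified cyphertexts and signatures are rejected but not how, and it does not flag that this is a behaviour change for callers. The commit message already gives the mechanism, a check of the length against the expected size for the key, so consider carrying that into the entry, for example "by checking their length against the key size", and noting that input with prepended zero bytes that was previously accepted will now fail to decrypt or verify. This view is limited to CHANGELOG.md, so the length check itself and any tests covering both the decryption and the signature verification paths are not visible here and need to be reviewed in the full commit.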