CVE-2023-50782

HIGH 7.5

Python-cryptography: bleichenbacher timing oracle attack against rsa decryption - incomplete fix for cve-2020-25659

CVSS Score

7.5

EPSS Score

1.1%

EPSS Percentile

78th

A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

CWE	CWE-203
Published	Feb 5, 2024
Last Updated	Mar 24, 2026

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new high vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

Red Hat / Red Hat Ansible Automation Platform 2

All versions affected

Red Hat / Red Hat Enterprise Linux 7

All versions affected

Red Hat / Red Hat Enterprise Linux 8

All versions affected

Red Hat / Red Hat Enterprise Linux 8

All versions affected

Red Hat / Red Hat Enterprise Linux 9

All versions affected

Red Hat / Red Hat Satellite 6

All versions affected

Red Hat / Red Hat Update Infrastructure 4 for Cloud Providers

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/security/cve/CVE-2023-50782 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2254432 couchbase.com: https://www.couchbase.com/alerts/

Credits

This issue was discovered by Hubert Kario (Red Hat).