{
  "threat_severity" : "Moderate",
  "public_date" : "2020-11-13T00:00:00Z",
  "bugzilla" : {
    "description" : "m2crypto: bleichenbacher timing attacks in the RSA decryption API",
    "id" : "1889823",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1889823"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-203",
  "details" : [ "A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality.", "A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. The highest threat from this vulnerability is to confidentiality." ],
  "affected_release" : [ {
    "product_name" : "Red Hat Virtualization Engine 4.4",
    "release_date" : "2021-04-14T00:00:00Z",
    "advisory" : "RHSA-2021:1169",
    "cpe" : "cpe:/a:redhat:rhev_manager:4.4:el8",
    "package" : "org.ovirt.engine-root-0:4.4.5.9-1"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "m2crypto",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "m2crypto",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-25657\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25657" ],
  "name" : "CVE-2020-25657",
  "csaw" : false
}