CVE-2020-13757
📋 TL;DR
This vulnerability in Python-RSA allows attackers to infer that an application uses Python-RSA by exploiting its handling of leading null bytes during decryption. It could also lead to excessive memory allocation if ciphertext length affects application behavior. Users of Python-RSA versions before 4.1 are affected.
💻 Affected Systems
- Python-RSA
📦 What is this software?
Fedora by Fedoraproject
Fedora by Fedoraproject
Python Rsa by Python Rsa Project
Ubuntu Linux by Canonical
⚠️ Risk & Real-World Impact
Worst Case
An attacker could fingerprint the use of Python-RSA, potentially aiding further attacks, or cause denial-of-service through memory exhaustion if applications allocate memory based on ciphertext length.
Likely Case
Most probable impact is information leakage, allowing attackers to detect Python-RSA usage, which might facilitate targeted exploits against known weaknesses.
If Mitigated
With proper controls like input validation and updated libraries, the risk is minimal, as the vulnerability does not directly enable code execution or data theft.
🎯 Exploit Status
Exploitation is straightforward but limited to information disclosure or potential DoS; no public proof-of-concept is known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.1 and later
Vendor Advisory: https://github.com/sybrenstuvel/python-rsa/issues/146
Restart Required: No
Instructions:
1. Update Python-RSA to version 4.1 or later using pip: 'pip install --upgrade rsa'. 2. Verify the update with 'pip show rsa' to confirm version >=4.1. 3. Test application functionality to ensure compatibility.
🔧 Temporary Workarounds
Input Validation Workaround
allImplement custom validation to reject ciphertexts with leading null bytes before decryption.
# Python code snippet to strip leading null bytes before decryption
ciphertext = ciphertext.lstrip('\x00')
🧯 If You Can't Patch
- Monitor logs for unusual decryption attempts or memory spikes related to ciphertext processing.
- Restrict network access to affected applications to reduce exposure to potential attackers.
🔍 How to Verify
Check if Vulnerable:
Check the installed Python-RSA version with 'pip show rsa' or 'python -c "import rsa; print(rsa.__version__)"'; if version is <4.1, it is vulnerable.Check Version:
pip show rsa | grep VersionVerify Fix Applied:
After updating, run the same version check to confirm version >=4.1 and test decryption with sample ciphertexts containing leading null bytes to ensure they are handled correctly.📡 Detection & Monitoring
Log Indicators:
- Log entries showing decryption failures or unusual memory usage patterns during RSA operations.
Network Indicators:
- Unusual network traffic patterns targeting RSA endpoints, such as repeated decryption requests with varying ciphertext lengths.
SIEM Query:
Example: 'event_type:decryption AND (error:memory OR error:null_byte)'🔗 References
- https://github.com/sybrenstuvel/python-rsa/issues/146
- https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KILTHBHNSDUCYV22ODLOKTICJJ7JQIQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW/
- https://usn.ubuntu.com/4478-1/
- https://github.com/sybrenstuvel/python-rsa/issues/146
- https://github.com/sybrenstuvel/python-rsa/issues/146#issuecomment-641845667
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2KILTHBHNSDUCYV22ODLOKTICJJ7JQIQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZYB65VNILRBTXL6EITQTH2PZPK7I23MW/
- https://usn.ubuntu.com/4478-1/
