CVE-2023-52323
Aliases:GHSA-j225-cvw7-qrx7PYSEC-2024-3
Advisory lineage Upstream: 0 Downstream: 14
Modified
Published: 05 Jan 2024, 00:00
Last modified:03 Jun 2025, 14:41
Vulnerability Summary
Overall Risk (default)
low
24/100 CVSS Score
5.9 MEDIUM
v3.1 (cve.org)
EPSS Score
0.07% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
05 Jan 2024, 00:00
Published
Vulnerability first disclosed
03 Jun 2025, 14:41
Last Modified
Vulnerability information updated
Description
PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.
CVSS Metrics
- v4.0•HIGH•Score: 7.1CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
- v3.1•MEDIUM•Score: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
- v3.1•MEDIUM•Score: 5.3CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Trends
Current EPSS score: 0.07%• Percentile: 23%
Techniques & Countermeasures
- CWE-203•Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
Affected Systems
- pycryptodome•pycryptodome
< 3.19.1
- pycryptodome•pycryptodomex
< 3.19.1
- PyPI•pycryptodome
< 3.19.1
- PyPI•pycryptodomex
< 3.19.1
References (6)
- https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst
- https://pypi.org/project/pycryptodomex/#history
- https://nvd.nist.gov/vuln/detail/CVE-2023-52323
- https://github.com/Legrandin/pycryptodome/commit/0deea1bfe1489e8c80d2053bbb06a1aa0b181ebd
- https://github.com/Legrandin/pycryptodome
- https://github.com/pypa/advisory-database/tree/main/vulns/pycryptodomex/PYSEC-2024-3.yaml