CVE-2023-52323

PyCryptodome and pycryptodomex before 3.19.1 allow side-channel leakage for OAEP decryption, exploitable for a Manger attack.

CVSS v3.0 5.9 MEDIUM

5.9^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst	Release Notes
https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst	Release Notes
https://pypi.org/project/pycryptodomex/#history	Release Notes
https://pypi.org/project/pycryptodomex/#history	Release Notes

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:pycryptodome:pycryptodomex::::::python::*
	cpe:2.3:a:pycryptodome:pycryptodome::::::python::*

History

11 Jan 2024, 17:06

Type	Values Removed	Values Added
References	~~() https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst -~~	() https://github.com/Legrandin/pycryptodome/blob/master/Changelog.rst - Release Notes
References	~~() https://pypi.org/project/pycryptodomex/#history -~~	() https://pypi.org/project/pycryptodomex/#history - Release Notes
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.9
CWE		CWE-203
First Time		Pycryptodome Pycryptodome pycryptodome Pycryptodome pycryptodomex
CPE		cpe:2.3:a:pycryptodome:pycryptodome::::::python::* cpe:2.3:a:pycryptodome:pycryptodomex::::::python::*

05 Jan 2024, 04:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-01-05 04:15

Updated : 2025-06-03 15:15

NVD link : CVE-2023-52323

Mitre link : CVE-2023-52323

JSON object : View

Products Affected

pycryptodome

pycryptodomex
pycryptodome

CWE

CWE-203

Observable Discrepancy

5.9 /10