CVE-2023-49092
Published 2023-11-28
Priority P429 · medium · 5.9 · CVSS 3.1
AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 0.60% (44.5th percentile)
RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is currently no fix available. As a workaround, avoid using the RSA crate in settings where attackers are able to observe timing information; local use on a non-compromised computer, for example, is fine.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | rust-rsa | — | — |
| rustcrypto | rsa | <= 0.9.5 | — |
| rustcrypto | rsa | 0 – 0.9.6 | — |
| rustcrypto | rsa | >= 0.0.0-0 | — |
CVSS provenance
nvd · v3.1 · 5.9 MEDIUM · CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
osv · 5.9 MEDIUM
vendor_debian · 5.9 MEDIUM
OSV
CVE-2023-49092: RustCrypto/RSA is a portable RSA implementation in pure Rust
osv·2023-11-28·CVSS 5.9
OSV
Marvin Attack: potential key recovery through timing sidechannels
osv·2023-11-28
The [Marvin Attack] is a timing sidechannel vulnerability which allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed with the private key.
A recent survey of RSA implementations found that the Rust `rsa` crate is one of many implementations vulnerable to this attack.
No fixed version is available at this time.
[Marvin Attack]: https://people.redhat.com/~hkario/marvin/
OSV
Marvin Attack: potential key recovery through timing sidechannels
osv·2023-11-28
### Impact
Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key.
### Patches
No patch is yet available; however, work is underway to migrate to a fully constant-time implementation.
### Workarounds
The only currently available workaround is to avoid using the `rsa` crate in settings where attackers are able to observe timing information; local use on a non-compromised computer, for example, is fine.
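Applying the workaround starts with knowing whether a build pulls in `rsa` at all, and through which packages. The following is an added example, not code from the advisory or from RustCrypto: it scans `Cargo.lock` text and, since no fixed version is listed, reports every locked `rsa` version together with its direct dependents. The sample lockfile and the `demo-server` package are constructed; the check matches on package name only and assumes Cargo's usual key order (`name` before `version`).

```rust
// Added example (not RustCrypto code). Constructed sample lockfile;
// `demo-server` is a hypothetical package.
const SAMPLE_LOCK: &str = r#"
[[package]]
name = "demo-server"
version = "0.1.0"
dependencies = [
 "rsa",
]

[[package]]
name = "rsa"
version = "0.9.5"
"#;

/// Returns (locked `rsa` versions, packages depending on `rsa` directly).
fn audit_lock(text: &str) -> (Vec<String>, Vec<String>) {
    let (mut versions, mut dependents) = (Vec::new(), Vec::new());
    let (mut name, mut in_pkg, mut in_deps) = (String::new(), false, false);
    for line in text.lines().map(str::trim) {
        let quoted = line.split('"').nth(1);
        if line.starts_with('[') {
            // New table; only [[package]] tables matter here.
            in_pkg = line == "[[package]]";
            in_deps = false;
            name.clear();
        } else if !in_pkg {
            continue;
        } else if in_deps {
            // Entries look like "name" or "name version (source)".
            match quoted.map(|d| d.split(' ').next().unwrap_or(d)) {
                Some("rsa") => dependents.push(name.clone()),
                Some(_) => {}
                None => in_deps = false, // closing `]`
            }
        } else if line.starts_with("name = ") {
            name = quoted.unwrap_or("").to_string();
        } else if line.starts_with("version = ") && name == "rsa" { // name came first
            versions.push(quoted.unwrap_or("").to_string());
        } else if line.starts_with("dependencies = [") {
            in_deps = true;
        }
    }
    (versions, dependents)
}

fn main() {
    println!("{:?}", audit_lock(SAMPLE_LOCK));
}
```

Each dependent it reports is a place to review whether RSA private-key operations are reachable by a party who can measure their timing.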
### References
This vulnerability was discovered as part of the "Marvin Attack", which revealed several implementations of RSA including OpenSSL had not properly mitigated
GHSA
Marvin Attack: potential key recovery through timing sidechannels
ghsa·2023-11-28
CVE-2023-49092 [MEDIUM] CWE-203 Marvin Attack: potential key recovery through timing sidechannels
OSV
Marvin Attack: potential key recovery through timing sidechannels
osv·2023-11-22
Debian
CVE-2023-49092: rust-rsa - RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-const...
vendor_debian·2023·CVSS 5.9
Scope: local
forky: open
sid: open
trixie: open