CVE-2023-49092 RustCrypto/RSA vulnerable to a Marvin Attack via key recovery through timing sidechannels

2023-11-2820:57:06

CWE-385

GitHub_M

www.cve.org

cve-2023-49092

rustcrypto/rsa

marvin attack

key recovery

timing sidechannels

non-constant-time implementation

network observation

private key leakage

no fix available

workaround

rsa crate

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

5.6 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

37.4%

JSON

RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is currently no fix available. As a workaround, avoid using the RSA crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer.

CNA Affected

[
  {
    "vendor": "RustCrypto",
    "product": "RSA",
    "versions": [
      {
        "version": "<= 0.9.5",
        "status": "affected"
      }
    ]
  }
]