Lucene search
PRIOn knowledge basePRION:CVE-2023-49092HistoryNov 28, 2023 - 9:15 p.m.
Design/Logic Flaw
2023-11-2821:15:00
PRIOn knowledge base
www.prio-n.com
4
rustcrypto rsa implementation
timing information leak
private key exposure
network observation
fix unavailable
workaround
RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is currently no fix available. As a workaround, avoid using the RSA crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer.
Related
cve
cve
CVE-2023-49092
2023-11-28 21:15:08
osv
osv
Marvin Attack: potential key recovery through timing sidechannels
2023-11-22 12:00:00
Marvin Attack: potential key recovery through timing sidechannels
2023-11-28 23:28:25
Marvin Attack: potential key recovery through timing sidechannels
2023-11-28 23:28:27
cvelist
cvelist
github
github
Marvin Attack: potential key recovery through timing sidechannels
2023-11-28 23:28:27
nvd
nvd
CVE-2023-49092
2023-11-28 21:15:08
ubuntucve
ubuntucve
CVE-2023-49092
2023-11-28 00:00:00
debiancve
debiancve
CVE-2023-49092
2023-11-28 21:15:08