
31 matches found

RedhatCVE
added 2026/03/23 7:1 a.m., 4 views

CVE-2026-4603

A flaw was found in jsrsasign. An attacker can exploit a division by zero vulnerability by supplying a specially crafted JSON Web Key (JWK) whose modulus decodes to zero. This vulnerability can force RSA public-key operations, such as verification and encryption, to produce deterministic zero...

CVSS: 5.9, AI score: 5.6, EPSS: 0.00012
Exploits: 1, References: 7

Github Security Blog
added 2026/03/23 6:30 a.m., 5 views

jsrsasign: Division by Zero Allows Invalid JWK Modulus to Cause Deterministic Zero Output in RSA Operations

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations (e.g., verify and encryption) to collapse to...

CVSS: 5.9, AI score: 5.9, EPSS: 0.00012
Exploits: 1, References: 6, Affected Software: 1

Cvelist
added 2026/03/23 5:0 a.m., 25 views

CVE-2026-4603

Versions of the package jsrsasign before 11.1.1 are vulnerable to Division by zero due to the RSASetPublic/KEYUTIL parsing path in ext/rsa.js and the BigInteger.modPowInt reduction logic in ext/jsbn.js. An attacker can force RSA public-key operations (e.g., verify and encryption) to collapse to...

CVSS: 5.9, EPSS: 0.00012
Exploits: 1, References: 4

Tenable Nessus
added 2026/02/10 12:0 a.m., 2 views

Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: osbuild-composer (UTSA-2026-005317)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005317 advisory. A memory leak flaw was found in Golang in the RSA encrypting/decrypting code, which might lead to a resource exhaustion vulnerability using attacker-controlled input...

CVSS: 7.5, AI score: 8, EPSS: 0.01379
Exploits: 0, References: 4

RedhatCVE
added 2026/01/09 9:34 a.m., 9 views

CVE-2024-41760

IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations...

CVSS: 3.7, AI score: 6, EPSS: 0.00109
Exploits: 0, References: 1

OSV
added 2025/11/21 3:59 p.m., 7 views

JLSEC-2025-232 Side channel in RSA key generation and operations (SSBleed, M-Step)

Vulnerability: Mbed TLS's modular inversion routine and GCD routine are vulnerable to local timing attacks in a number of settings discussed below. These functions are used in RSA, making the following operations vulnerable in all configurations: - RSA key generation with any API mbedtls_rsa_gen_key...

CVSS: 6.2, AI score: 7.1, EPSS: 0.00023
Exploits: 1, References: 2

Tenable Nessus
added 2025/10/27 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2025-54764

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd. CVE-2025-54764 Note th...

CVSS: 6.2, AI score: 5.3, EPSS: 0.00023
Exploits: 1, References: 3

EUVD
added 2025/10/21 12:30 a.m., 2 views

EUVD-2025-35113

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd...

CVSS: 6.2, AI score: 6, EPSS: 0.00023
Exploits: 1, References: 3

OSV
added 2025/10/20 10:15 p.m., 4 views

ALPINE-CVE-2025-54764

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd...

CVSS: 6.2, AI score: 6.6, EPSS: 0.00023
Exploits: 1, References: 1

OSV
added 2025/10/20 10:15 p.m., 8 views

CVE-2025-54764

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd...

CVSS: 6.2, AI score: 6.6
Exploits: 0, References: 2

OSV
added 2025/10/20 10:15 p.m., 2 views

DEBIAN-CVE-2025-54764

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd...

CVSS: 6.2, AI score: 4.3, EPSS: 0.00023
Exploits: 1, References: 1

Snyk
added 2025/10/20 9:41 p.m., 4 views

Timing Attack

Overview: Affected versions of this package are vulnerable to Timing Attack via the mbedtls_mpi_mod_inv or mbedtls_mpi_gcd functions. An attacker can recover sensitive information from RSA operations by performing a local timing analysis. Note: Applications that do not use RSA private keys and do not...

CVSS: 6.2, AI score: 6.1, EPSS: 0.00023
Exploits: 1, References: 2

Vulnrichment
added 2025/10/20 12:0 a.m., 2 views

CVE-2025-54764

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd...

AI score: 6.2, EPSS: 0.00023
Exploits: 1, References: 2

CVE
added 2025/10/20 12:0 a.m., 18 views

CVE-2025-54764

CVE-2025-54764 affects Mbed TLS up to 3.6.4. The vulnerability is a local timing attack on certain RSA operations and on direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd. Affected component: Mbed TLS RSA-related routines. Root cause: timing side-channel in RSA-related MPI operations. Impact...

CVSS: 6.2, AI score: 6.2, EPSS: 0.00023
Exploits: 1, References: 2, Affected Software: 1

AlpineLinux
added 2025/10/20 12:0 a.m., 4 views

CVE-2025-54764

Mbed TLS before 3.6.5 allows a local timing attack against certain RSA operations, and direct calls to mbedtls_mpi_mod_inv or mbedtls_mpi_gcd...

CVSS: 6.2, AI score: 6.6, EPSS: 0.00023
Exploits: 1

EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2006-3124

Malware in sbrugna...

CVSS: 7.8, AI score: 6.4, EPSS: 0.02052
Exploits: 0, References: 9

EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2024-54203

Malicious code in bioql PyPI...

CVSS: 3.7, AI score: 6.6, EPSS: 0.00109
Exploits: 0, References: 1

Amazon
added 2025/04/30 12:0 a.m., 10 views

Medium: nss-softokn

Issue Overview: new tlsfuzzer code can still detect timing issues in RSA operations (CVE-2023-4421). Affected Packages: nss-softokn. Note: This advisory is applicable to Amazon Linux 2 (AL2) Core repository. Visit this FAQ section for the difference between AL2 Core and AL2 Extras advisories. Issue...

CVSS: 6.5, AI score: 7, EPSS: 0.00224
Exploits: 0

NVD
added 2025/03/11 1:15 a.m., 5 views

CVE-2024-41760

IBM Common Cryptographic Architecture 7.0.0 through 7.5.51 could allow an attacker to obtain sensitive information due to a timing attack during certain RSA operations...

CVSS: 3.7, EPSS: 0.00109
Exploits: 0, References: 1

CVE
added 2025/03/11 12:49 a.m., 47 views

CVE-2024-41760

CVE-2024-41760 affects IBM Common Cryptographic Architecture (CCA) 7.0.0–7.5.51. The Red Hat advisory and IBM security bulletin confirm a timing-attack-based information disclosure during certain RSA operations, enabling an attacker to obtain sensitive data. Impact is Information Disclosure (CVE-...

CVSS: 3.7, AI score: 6.4, EPSS: 0.00109
Exploits: 0, References: 1, Affected Software: 1