
13 matches found

Github Security Blog
added 2026/02/13 8:54 p.m., 12 views

rPGP vulnerable to parser crash on crafted RSA secret key packets through CVE-2026-21895

Summary: It was possible to trigger an unhandled edge case in the Rust Crypto rsa crate through rPGP packet parsing functionality, and crash the process that runs rPGP. This problem has been patched in a new rsa version. The new release of rPGP ensures a patched version of the rsa crate is in use,...

CVSS 6.9, AI score 5.5, EPSS 0.00016
Exploits 0, References 4, Affected Software 1

SUSE CVE
added 2026/01/09 12:23 a.m., 3 views

SUSE CVE-2026-21895

The rsa crate is an RSA implementation written in Rust. Prior to version 0.9.10, when creating an RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...

CVSS 3.3, AI score 6.9, EPSS 0.00016
Exploits 0, References 3

CVE
added 2026/01/08 2:6 p.m., 13 views

CVE-2026-21895

The CVE-2026-21895 entry concerns the rsa crate (Rust) where constructing an RSA private key from components panics if one of the primes equals 1 in versions prior to 0.9.10. The issue is resolved in 0.9.10. Connected sources confirm the affected component (rsa crate) and the fix version, with no...

CVSS 6.9, AI score 6.5, EPSS 0.00016
Exploits 0, References 2, Affected Software 1

Vulnrichment
added 2026/01/08 2:6 p.m., 3 views

CVE-2026-21895 rsa crate has potential panic on a prime being equal to 1

The rsa crate is an RSA implementation written in Rust. Prior to version 0.9.10, when creating an RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...

CVSS 6.9, AI score 6.5, EPSS 0.00016
Exploits 0, References 2

OSV
added 2026/01/08 2:6 p.m., 3 views

CVE-2026-21895 rsa crate has potential panic on a prime being equal to 1

The rsa crate is an RSA implementation written in Rust. Prior to version 0.9.10, when creating an RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue...

CVSS 6.9, AI score 6.4, EPSS 0.00016
Exploits 0, References 4

Tenable Nessus
added 2026/01/08 12:0 a.m., 1 views

Linux Distros Unpatched Vulnerability : CVE-2026-21895

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - The rsa crate is an RSA implementation written in Rust. Prior to version 0.9.10, when creating an RSA private key from its components, the construction panics...

CVSS 6.9, AI score 5.8, EPSS 0.00016
Exploits 0, References 4

Positive Technologies
added 2026/01/06 12:0 a.m., 4 views

PT-2026-2125

Name of the Vulnerable Software and Affected Versions: rsa crate versions prior to 0.9.10. Description: The rsa crate, an RSA implementation written in Rust, experiences a panic instead of returning an error during the creation of an RSA private key from its components when one of the prime numbers ...

CVSS 6.9, AI score 6.6, EPSS 0.00016
Exploits 0, References 15

OSV
added 2023/11/28 11:28 p.m., 478 views

GHSA-C38W-74PG-36HR Marvin Attack: potential key recovery through timing sidechannels

Impact: Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. Patches: No patch is yet available, however work is underway to migrate...

CVSS 5.9, AI score 5.2, EPSS 0.00734
Exploits 0, References 6

vulnersOsv
added 2023/11/28 11:28 p.m., 2 views

BiliupApi (>=0.1.0 <=0.1.7), BrandoCulqi (=1.0.1) +338 more potentially affected by CVE-2023-49092 via rsa (>=0.1.2 <=0.8.2)

rsa CARGO version =0.1.2, =0.1.0, =1.0.0, =1.0.1, =0.0.1, =0.12.0, =0.5.0, =0.2.0, =0.1.0, =1.0.1, =0.1.0, =0.3.11, =0.3.21 and more Source cves: CVE-2023-49092 Source advisory: OSV:GHSA-C38W-74PG-36HR...

CVSS 5.9, AI score 6.2, EPSS 0.00734
Exploits 0

Debian CVE
added 2023/11/28 8:57 p.m., 16 views

CVE-2023-49092

RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is...

CVSS 5.9, AI score 5.3, EPSS 0.00734
Exploits 0

Vulnrichment
added 2023/11/28 8:57 p.m., 377 views

CVE-2023-49092 RustCrypto/RSA vulnerable to a Marvin Attack via key recovery through timing sidechannels

RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is...

CVSS 5.9, AI score 6.5, EPSS 0.00734
Exploits 0, References 2

Cvelist
added 2023/11/28 8:57 p.m., 141 views

CVE-2023-49092 RustCrypto/RSA vulnerable to a Marvin Attack via key recovery through timing sidechannels

RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is...

CVSS 5.9, AI score 5.6, EPSS 0.00734
Exploits 0, References 2

OSV
added 2023/11/22 12:0 p.m., 457 views

RUSTSEC-2023-0071 Marvin Attack: potential key recovery through timing sidechannels

Impact: Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. Patches: No patch is yet available, however work is underway to migrate...

CVSS 5.9, AI score 5.2, EPSS 0.00734
Exploits 0, References 5