2 matches found
CVE-2023-49092
The CVE-2023-49092 entry concerns RustCrypto/RSA, a pure Rust portable RSA implementation. The root cause is a non-constant-time implementation that leaks information about the private key through timing observations over the network. Practical impact is key recovery by an attacker who can observ...
CVE-2026-21895
The CVE-2026-21895 entry concerns the rsa crate (Rust) where constructing an RSA private key from components panics if one of the primes equals 1 in versions prior to 0.9.10. The issue is resolved in 0.9.10. Connected sources confirm the affected component (rsa crate) and the fix version, with no...