CVSS3: 5.9 Medium
Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
AI Score: 6.8 Medium (Confidence: Low)
EPSS: 0.001 Low (Percentile: 37.4%)

RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a
non-constant-time implementation, information about the private key is
leaked through timing information which is observable over the network. An
attacker may be able to use that information to recover the key. There is
currently no fix available. As a workaround, avoid using the RSA crate in
settings where attackers are able to observe timing information; local use
on a non-compromised computer, for example, is fine.
github.com/RustCrypto/RSA/issues/19#issuecomment-1822995643
github.com/RustCrypto/RSA/security/advisories/GHSA-c38w-74pg-36hr
launchpad.net/bugs/cve/CVE-2023-49092
nvd.nist.gov/vuln/detail/CVE-2023-49092
people.redhat.com/~hkario/marvin/
rustsec.org/advisories/RUSTSEC-2023-0071.html
security-tracker.debian.org/tracker/CVE-2023-49092
www.cve.org/CVERecord?id=CVE-2023-49092