MEDIUM🇬🇧 English

CVE-2023-49092

CVSS 5.9v3.1pub. 2023-11-28upd. 2024-11-21

RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is currently no fix available. As a workaround, avoid using the RSA crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
  • Rustcrypto Rsa

    APP
    Rustcrypto
    wszystkie wersje
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2026-21895LOW2.7ten sam produkt

Crate `rsa` to implementacja RSA napisana w Rust. Przed wersją 0.9.10, podczas tworzenia prywatnego klucza RSA...

CVE-2026-23519HIGH8.9ten sam vendor

RustCrypto CMOV provides conditional move CPU intrinsics which are guaranteed on major platforms to execute in...

CVE-2026-22698HIGH8.7ten sam vendor

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and ...

CVE-2026-22699HIGH7.5ten sam vendor

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and ...

CVE-2026-22700HIGH7.5ten sam vendor

RustCrypto: Elliptic Curves is general purpose Elliptic Curve Cryptography (ECC) support, including types and ...