CVE-2023-49092: RustCrypto/RSA vulnerable to a Marvin Attack via key recovery through timing sidechannels
First published: Tue Nov 28 2023(Updated: )
### Impact Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. ### Patches No patch is yet available, however work is underway to migrate to a fully constant-time implementation. ### Workarounds The only currently available workaround is to avoid using the `rsa` crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer is fine. ### References This vulnerability was discovered as part of the "Marvin Attack", which revealed several implementations of RSA including OpenSSL had not properly mitigated timing sidechannel attacks. - https://rustsec.org/advisories/RUSTSEC-2023-0071.html - https://people.redhat.com/~hkario/marvin/ - https://github.com/RustCrypto/RSA/issues/19
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Rust-lang Rsa | ||
| rust/rsa | <=0.9.6 | |
| Rustcrypto Rsa |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/RustCrypto/RSA/security/advisories/GHSA-c38w-74pg-36hr
- https://nvd.nist.gov/vuln/detail/CVE-2023-49092
- https://github.com/RustCrypto/RSA/issues/19#issuecomment-1822995643
- https://rustsec.org/advisories/RUSTSEC-2023-0071.html
- https://github.com/advisories/GHSA-c38w-74pg-36hr (Advisory)
Frequently Asked Questions
What is the severity of CVE-2023-49092?
The severity of CVE-2023-49092 is high with a severity value of 7.4.
What is the impact of CVE-2023-49092?
Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key.
Is there a patch available for CVE-2023-49092?
No patch is available yet, but work is underway to mitigate the vulnerability.
Which software is affected by CVE-2023-49092?
The RustCrypto/RSA package with version up to and including 0.9.5 is affected by CVE-2023-49092.
What is the Common Weakness Enumeration (CWE) ID for CVE-2023-49092?
The CWE ID for CVE-2023-49092 is CWE-385.
- collector/nvd-cve
- collector/github-advisory-latest
- alias/GHSA-c38w-74pg-36hr
- alias/CVE-2023-49092
- collector/github-advisory
- agent/weakness
- agent/author
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/references
- agent/title
- agent/severity
- agent/tags
- agent/description
- agent/event
- collector/mitre-cve
- source/MITRE
- vendor/rust-lang
- canonical/rust-lang rsa
- package-manager/rust
- vendor/rustcrypto
- canonical/rustcrypto rsa