GHSA-4grx-2x9w-596c

Опубликовано: 28 нояб. 2023

Источник: github

Github: Прошло ревью

CVSS3: 5.9

Описание

Marvin Attack: potential key recovery through timing sidechannels

The Marvin Attack is a timing sidechannel vulnerability which allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed withthe private key.

A recent survey of RSA implementations found that the Rust rsa crate is one of many implementations vulnerable to this attack.

No fixed version is available at this time.

Ссылки

https://github.com/RustCrypto/RSA/security/advisories/GHSA-c38w-74pg-36hr
https://github.com/RustCrypto/RSA/issues/19#issuecomment-1822995643
https://rustsec.org/advisories/RUSTSEC-2023-0071.html

Пакеты

Наименование

rsa

rust

Затронутые версииВерсия исправления

<= 0.9.6

Отсутствует

5.9 Medium

CVSS3

Дефекты

CWE-385

5.9 Medium

CVSS3

Дефекты

CWE-385