CVE-2026-21895

Опубликовано: 08 янв. 2026

Источник: nvd

CVSS3: 5.3

EPSS Низкий

Описание

The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue.

Ссылки

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:rustcrypto:rsa:*:*:*:*:*:rust:*:*

Версия до 0.9.10 (исключая)

EPSS

Процентиль: 5%

0.0002

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-703

Связанные уязвимости

CVE-2026-21895

CVSS3: 5.3

ubuntu

3 месяца назад

The `rsa` crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is `1`. Version 0.9.10 fixes the issue.

CVE-2026-21895

CVSS3: 5.5

redhat

3 месяца назад

CVE-2026-21895

msrc

2 месяца назад

rsa crate has potential panic on a prime being equal to 1

CVE-2026-21895

CVSS3: 5.3

debian

3 месяца назад

The `rsa` crate is an RSA implementation written in rust. Prior to ver ...

GHSA-9c48-w39g-hm26

github

3 месяца назад

rsa crate has potential panic on a prime being equal to 1

EPSS

Процентиль: 5%

0.0002

Низкий

5.3 Medium

CVSS3

Дефекты

CWE-703