CVE-2023-49092: RustCrypto/RSA vulnerable to a Marvin Attack via key recovery through timing sidechannels

Published Nov 28, 2023
·
Updated

Impact Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key.

Patches No patch is yet available, however work is underway to migrate to a fully constant-time implementation.

Workarounds The only currently available workaround is to avoid using the rsa crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer is fine.

References This vulnerability was discovered as part of the "Marvin Attack", which revealed several implementations of RSA including OpenSSL had not properly mitigated timing sidechannel attacks.

- https://rustsec.org/advisories/RUSTSEC-2023-0071.html - https://people.redhat.com/~hkario/marvin/ - https://github.com/RustCrypto/RSA/issues/19

Other sources

RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is currently no fix available. As a workaround, avoid using the RSA crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer.

Affected Software

3 affected components
rust/rsa<=0.9.6
RustCrypto Rsa Rust
rust-lang Rsa Rust

Event History

Nov 28, 2023
CVE Published
08:57 PM
Data Sourced
08:57 PM
DescriptionSeverityWeakness
Advisory Published
11:28 PM
Free Weekly Intel

Don't miss critical vulnerabilities

Join thousands of security professionals who receive our weekly digest of trending CVEs, zero-days, and exploited vulnerabilities.

No spam. Unsubscribe anytime.

Frequently Asked Questions

1

What is the severity of CVE-2023-49092?

The severity of CVE-2023-49092 is high with a severity value of 7.4.

2

What is the impact of CVE-2023-49092?

Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key.

3

Is there a patch available for CVE-2023-49092?

No patch is available yet, but work is underway to mitigate the vulnerability.

4

Which software is affected by CVE-2023-49092?

The RustCrypto/RSA package with version up to and including 0.9.5 is affected by CVE-2023-49092.

5

What is the Common Weakness Enumeration (CWE) ID for CVE-2023-49092?

The CWE ID for CVE-2023-49092 is CWE-385.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2026 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203