Home > Vulnerability Database > CVE-2023-49092

Mend.io Vulnerability Database

CVE-2023-49092

Date: November 28, 2023

RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is currently no fix available. As a workaround, avoid using the RSA crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer.

Language: RUST

Severity Score

5.9

Related Resources (4)

Url: https://github.com/RustCrypto/RSA/security/advisories/GHSA-c38w-74pg-36hr

Url: https://github.com/RustCrypto/RSA/issues/19#issuecomment-1822995643

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-49092

Url: https://www.mend.io/vulnerability-database/CVE-2023-49092

Severity Score

5.9

Weakness Type (CWE)

Observable Discrepancy

CWE-203

Covert Timing Channel

CWE-385

CVSS v3.1

Base Score:	5.9
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-49092

Date: November 28, 2023

Language: RUST

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?