How severe is CVE-2023-49092?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.9 out of 10.

What type of vulnerability is CVE-2023-49092?

This is classified as CWE-385, which is a common weakness in software security.

CVE-2023-49092 - MEDIUM Severity | CVSS 5.9

Vulnerability Description

RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key. There is currently no fix available. As a workaround, avoid using the RSA crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer.

Related Vulnerabilities

CVE-2018-10844

MEDIUM

CVSS:5.9(Medium)

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recove...

CWE-3852018

CVE-2018-10845

MEDIUM

CVSS:5.9(Medium)

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recov...

CWE-3852018

CVE-2019-3732

MEDIUM

CVSS:5.9(Medium)

RSA BSAFE Crypto-C Micro Edition, versions prior to 4.0.5.3 (in 4.0.x) and versions prior to 4.1.3.3 (in 4.1.x), and RSA Micro Edition Suite, versions prior to 4.0.11 (in 4.0.x) versions prior to 4.1....

CWE-3852019

CVE-2020-25657

MEDIUM

CVSS:5.9(Medium)

A flaw was found in all released versions of m2crypto, where they are vulnerable to Bleichenbacher timing attacks in the RSA decryption API via the timed processing of valid PKCS#1 v1.5 Ciphertext. Th...

CWE-3852020

CVE-2020-25658

MEDIUM

CVSS:5.9(Medium)

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.

CWE-3852020

CVE-2020-25659

MEDIUM

CVSS:5.9(Medium)

python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

CWE-3852020