5.9

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-49092

GHSA ID

GHSA-c38w-74pg-36hr

EPSS Score

0.71812%

CWE

CWE-203

Published

11/28/2023

Updated

12/15/2023

KEV Status

Technology

Rust

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-49092

CVE-2023-49092:
Marvin Attack: potential key recovery through timing sidechannels

Impact

Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key.

Patches

No patch is yet available, however work is underway to migrate to a fully constant-time implementation.

Workarounds

The only currently available workaround is to avoid using the rsa crate in settings where attackers are able to observe timing information, e.g. local use on a non-compromised computer is fine.

References

This vulnerability was discovered as part of the "Marvin Attack", which revealed several implementations of RSA including OpenSSL had not properly mitigated timing sidechannel attacks.

https://rustsec.org/advisories/RUSTSEC-2023-0071.html
https://people.redhat.com/~hkario/marvin/
https://github.com/RustCrypto/RSA/issues/19

(GitHub Advisory)

5.9

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-49092

GHSA ID

GHSA-c38w-74pg-36hr

EPSS Score

0.71812%

CWE

CWE-203

Published

11/28/2023

Updated

12/15/2023

KEV Status

Technology

Rust

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
rsa	rust	<= 0.9.6

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The GitHub issue #19 explicitly identifies rsa::internals::encrypt as showing variable timing behavior. 2. The Marvin Attack context suggests RSA primitive implementations (like modpow) are vulnerable. 3. Cryptographic literature shows modular exponentiation is a classic source of timing leaks. 4. The lack of patches indicates fundamental algorithm-level issues rather than specific helper functions. 5. The CWE-385 (Timing Channel) classification confirms this type of vulnerability pattern.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t *u* to * non-*onst*nt-tim* impl*m*nt*tion, in*orm*tion **out t** priv*t* k*y is l**k** t*rou** timin* in*orm*tion w*i** is o*s*rv**l* ov*r t** n*twork. *n *tt**k*r m*y ** **l* to us* t**t in*orm*tion to r**ov*r t** k*y. ### P*t***s No p*t

Reasoning

*. T** *it*u* issu* #** *xpli*itly i**nti*i*s rs*::int*rn*ls::*n*rypt *s s*owin* v*ri**l* timin* ****vior. *. T** M*rvin *tt**k *ont*xt su***sts RS* primitiv* impl*m*nt*tions (lik* mo*pow) *r* vuln*r**l*. *. *rypto*r*p*i* lit*r*tur* s*ows mo*ul*r *xp

5.9

Basic Information

Concerned about an active attack path?

CVE-2023-49092: Marvin Attack: potential key recovery through timing sidechannels

Impact

Patches

Workarounds

References

5.9

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2023-49092:
Marvin Attack: potential key recovery through timing sidechannels

Vulnerability Intelligence
Miggo AI