File tree 1 file changed +27
-0
lines changed
1 file changed +27
-0
lines changed Original file line number Diff line number Diff line change 1+ ``` toml
2+ [advisory ]
3+ id = " RUSTSEC-0000-0000"
4+ package = " rsa"
5+ date = " 2023-11-22"
6+ keywords = [" cryptography"
7+ categories = [" crypto-failure"
8+ url = " https://github.com/RustCrypto/RSA/issues/19#issuecomment-1822995643"
9+ references = [" https://people.redhat.com/~hkario/marvin/"
10+
11+ [versions ]
12+ patched = []
13+ ```
14+
15+ # Marvin Attack: potential key recovery through timing sidechannels
16+
17+ The [ Marvin Attack] is a timing sidechannel vulnerability which allows
18+ performing RSA decryption and signing operations as an attacker with the
19+ ability to observe only the time of the decryption operation performed with
20+ the private key.
21+
22+ A recent survey of RSA implementations found that the Rust ` rsa ` crate is one
23+ of many implementations vulnerable to this attack.
24+
25+ No fixed version is available at this time.
26+
27+ [ Marvin Attack ] : https://people.redhat.com/~hkario/marvin/
You can’t perform that action at this time.
0 commit comments