The [Marvin Attack] is a timing sidechannel vulnerability which allows performing RSA decryption and signing operations as an attacker with the ability to observe only the time of the decryption operation performed withthe private key.
A recent survey of RSA implementations found that the Rust rsa
crate is one of many implementations vulnerable to this attack.
No fixed version is available at this time.
{ "github_reviewed_at": "2023-11-28T23:28:25Z", "cwe_ids": [ "CWE-385" ], "nvd_published_at": null, "severity": "MODERATE", "github_reviewed": true }