search

RustCrypto / RSA

RSA implementation in pure Rust
Apache License 2.0
536 stars 146 forks source link

Cargo Audit Medium Vulnerability Found #412

Closed msmeraglia closed 7 months ago

msmeraglia commented 7 months ago 
Crate:     rsa
Version:   0.9.6
Title:     Marvin Attack: potential key recovery through timing sidechannels
Date:      2023-11-22
ID:        RUSTSEC-2023-0071
URL:       https://rustsec.org/advisories/RUSTSEC-2023-0071
Severity:  5.9 (medium)
Solution:  No fixed upgrade is available!
tarcieri commented 7 months ago

We are aware, this is in fact the repository that contains the vulnerable crate: it was originally filed as #19, and we are working on a fix in #394