Description: A timing based side-channel exists in the rust-openssl package which could be sufficient to recover a plaintext across a network in a Bleichenbacher style attack. To achieve successful decryption an attacker would have to be able to send a large number of trial messages for decryption. The vulnerability affects the legacy PKCS#1v1.5 RSA encryption padding mode. References: https://people.redhat.com/~hkario/marvin/ https://github.com/sfackler/rust-openssl/issues/2171
Created rust-openssl tracking bugs for this issue: Affects: fedora-all [bug 2269725]