CVE-2023-49092: Marvin Attack: potential key recovery through timing sidechannels
(updated )
Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the key.
References
Detect and mitigate CVE-2023-49092 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →