CVE-2023-50979
Description
Crypto++ through 8.9.0 is vulnerable to a Marvin timing side-channel attack during PKCS#1 v1.5 decryption, enabling plaintext recovery.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
Crypto++ (cryptopp) versions through 8.9.0 contain a Marvin side-channel vulnerability in the decryption routine for PKCS#1 v1.5 padding [1]. The implementation does not perform constant-time processing when validating the padding structure, allowing an attacker to distinguish between valid and invalid ciphertexts via timing measurements.
Exploitation
An attacker with network access to a system using Crypto++ for RSA decryption with PKCS#1 v1.5 padding can send crafted ciphertexts and measure the decryption time. The attack requires the ability to observe precise timing differences (on the order of hundreds of nanoseconds) and typically thousands of measurement pairs to achieve statistical significance [1]. The reproducer provided in the marvin-toolkit repository demonstrates the attack on an AMD Ryzen 5 5600X system.
Impact
Successful exploitation allows an attacker to recover the plaintext of a chosen ciphertext, breaking the confidentiality of RSA-encrypted messages. This is a classic Bleichenbacher-style attack enabled by a timing side channel, leading to information disclosure of the decrypted data.
Mitigation
As of the publication date (2023-12-18), no fixed version has been released. Users are advised to monitor the Crypto++ repository for a patch. In the interim, switching to OAEP padding (PKCS#1 v2) or using a different cryptographic library that implements constant-time RSA decryption is recommended.
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Crypto++/Crypto++ (from description)
  - Range: <=8.9.0
- osv-coords (4 versions)
  - pkg:rpm/opensuse/libcryptopp&distro=openSUSE%20Leap%2015.6
  - pkg:rpm/opensuse/libcryptopp&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/libcryptopp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
  - pkg:rpm/suse/libcryptopp&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP7
- (no CPE) range: < 8.6.0-150400.3.12.1
- (no CPE) range: < 8.9.0-6.1
- (no CPE) range: < 8.6.0-150400.3.12.1
- (no CPE) range: < 8.6.0-150400.3.12.1
Patches
No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
News mentions
No linked articles in our index yet.