VYPR
← All advisories
Low severityOSV Advisory· Published Jan 8, 2026· Updated Jan 8, 2026

rsa crate has potential panic on a prime being equal to 1

CVE-2026-21895

Description

The rsa crate is an RSA implementation written in rust. Prior to version 0.9.10, when creating a RSA private key from its components, the construction panics instead of returning an error when one of the primes is 1. Version 0.9.10 fixes the issue.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
rsacrates.io
< 0.9.100.9.10

Affected products

1

Patches

1
2926c91bef7c

fix: do not panic on a prime being 1 when loading a secret key (#624)

https://github.com/RustCrypto/RSAFriedel ZiegelmayerJan 6, 2026via ghsa
commit
3 files changed · +20 12
  • Cargo.lock+2 9 modified
    @@ -70,12 +70,6 @@ dependencies = [
  "generic-array",
 ]
 
-[[package]]
-name = "byteorder"
-version = "1.5.0"
-source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "1fd0f2584146f6f2ef48085050886acf353beff7305ebd1ae69500e27c67f64b"
-
 [[package]]
 name = "cbc"
 version = "0.1.2"
@@ -255,11 +249,10 @@ checksum = "969488b55f8ac402214f3f5fd243ebb7206cf82de60d3172994707a4bcc2b829"
 
 [[package]]
 name = "num-bigint-dig"
-version = "0.8.4"
+version = "0.8.6"
 source = "registry+https://github.com/rust-lang/crates.io-index"
-checksum = "dc84195820f291c7697304f3cbdadd1cb7199c0efc917ff5eafd71225c136151"
+checksum = "e661dda6640fad38e827a6d4a310ff4763082116fe217f279885c97f511bb0b7"
 dependencies = [
- "byteorder",
  "lazy_static",
  "libm",
  "num-integer",
  • Cargo.toml+1 1 modified
    @@ -13,7 +13,7 @@ readme = "README.md"
 rust-version = "1.65"
 
 [dependencies]
-num-bigint = { version = "0.8.2", features = ["i128", "prime", "zeroize"], default-features = false, package = "num-bigint-dig" }
+num-bigint = { version = "0.8.6", features = ["i128", "prime", "zeroize"], default-features = false, package = "num-bigint-dig" }
 num-traits = { version= "0.2.9", default-features = false, features = ["libm"] }
 num-integer = { version = "0.1.39", default-features = false }
 rand_core = { version = "0.6.4", default-features = false }
  • src/key.rs+17 2 modified
    @@ -391,7 +391,7 @@ impl RsaPrivateKey {
         let mut m = BigUint::one();
         for prime in &self.primes {
             // Any primes ≤ 1 will cause divide-by-zero panics later.
-            if *prime < BigUint::one() {
+            if *prime <= BigUint::one() {
                 return Err(Error::InvalidPrime);
             }
             m *= prime;
@@ -538,7 +538,7 @@ mod tests {
     use crate::algorithms::rsa::{rsa_decrypt_and_check, rsa_encrypt};
 
     use hex_literal::hex;
-    use num_traits::{FromPrimitive, ToPrimitive};
+    use num_traits::{FromPrimitive, ToPrimitive, Zero};
     use pkcs8::DecodePrivateKey;
     use rand_chacha::{rand_core::SeedableRng, ChaCha8Rng};
 
@@ -841,4 +841,19 @@ mod tests {
 
         assert_eq!(key.d(), ref_key.d());
     }
+
+    #[test]
+    fn test_key_invalid_primes() {
+        let e = RsaPrivateKey::from_components(
+            BigUint::from_u64(239).unwrap(),
+            BigUint::from_u64(185).unwrap(),
+            BigUint::zero(),
+            vec![
+                BigUint::from_u64(1).unwrap(),
+                BigUint::from_u64(239).unwrap(),
+            ],
+        )
+        .unwrap_err();
+        assert_eq!(e, Error::InvalidPrime);
+    }
 }

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

4

News mentions

0

No linked articles in our index yet.