CVE-2026-21895
Panic Vulnerability in rsa Crate Private Key Construction

Publication date: 2026-01-08

Last updated on: 2026-03-12

Assigner: GitHub, Inc.

Description
The `rsa` crate is an RSA implementation written in Rust. Prior to version 0.9.10, when creating an RSA private key from its components, the construction panics instead of returning an error when one of the primes is `1`. Version 0.9.10 fixes the issue.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-01-08
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (1 associated CPE)
Vendor: rustcrypto
Product: rsa
Version / Range: up to 0.9.10 (exclusive)
CWE
CWE-703: The product does not properly anticipate or handle exceptional conditions that rarely occur during normal operation of the product.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability occurs in the RustCrypto rsa crate versions up to 0.9.9, where constructing an RSA private key with a prime factor equal to 1 causes the code to panic (crash) instead of returning an error. The issue arises because the code only checked if primes were less than 1, not equal to 1, leading to divide-by-zero panics during computations. Version 0.9.10 fixes this by rejecting primes less than or equal to 1 and returning an error instead of panicking. [1, 2]


How can this vulnerability impact me?

This vulnerability can cause unexpected termination (panic) of any program using the rsa crate when an RSA private key is constructed with an invalid prime equal to 1. This can lead to denial of service or instability in applications relying on this library for cryptographic operations. [2, 1]


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability is related to the rsa crate in Rust when constructing an RSA private key with a prime equal to 1, causing a panic. Detection involves checking if your system or application uses rsa crate versions up to 0.9.9. There are no specific network detection commands provided. To detect vulnerable versions, you can check your Rust project's dependencies with commands like `cargo tree | grep rsa` to see the rsa crate version. Additionally, reviewing logs for unexpected panics related to RSA key construction may help identify exploitation attempts. [2]


What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade the rsa crate to version 0.9.10 or later, where the issue is fixed by proper validation rejecting primes less than or equal to 1 and returning an error instead of panicking. Avoid using vulnerable versions (up to 0.9.9) in your projects. Additionally, review your RSA key generation and loading code to ensure it handles errors correctly and does not use invalid prime values. [1, 2]
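As an added example that is not part of this record and not the rsa crate's own code, the following Rust toy reproduces the failure pattern the answers above describe: a vulnerable-style check that only rejects primes strictly below 1 lets `1` through, the Carmichael-style modulus lcm(p-1, q-1) collapses to 0, and the modular inverse then panics on division by zero; the corrected check rejects primes less than or equal to 1 and returns an error. The function names, the `KeyError` type and the small-integer arithmetic are all assumptions for illustration; real keys use big integers and the crate's `RsaPrivateKey::from_components`, which this toy does not call.

```rust
// Added example (not the rsa crate's code): toy model of the CVE-2026-21895
// failure mode and of the input validation that closes it.
use std::fmt;

#[derive(Debug, PartialEq)]
pub enum KeyError {
    /// A supplied prime factor is not usable (hypothetical error type).
    InvalidPrime(u64),
    /// The public exponent has no inverse modulo lambda(n).
    NoInverse,
}

impl fmt::Display for KeyError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        match self {
            KeyError::InvalidPrime(p) => write!(f, "invalid prime factor: {p}"),
            KeyError::NoInverse => write!(f, "public exponent has no modular inverse"),
        }
    }
}

fn gcd(mut a: u64, mut b: u64) -> u64 {
    while b != 0 {
        let t = a % b;
        a = b;
        b = t;
    }
    a
}

/// lcm that tolerates a zero operand; a zero operand yields 0, which is the
/// value a prime of 1 injects into the computation below.
fn lcm(a: u64, b: u64) -> u64 {
    if a == 0 || b == 0 {
        0
    } else {
        a / gcd(a, b) * b
    }
}

/// Extended Euclid. The first reduction `a % m` is where a zero modulus panics
/// with "attempt to calculate the remainder with a divisor of zero".
fn mod_inverse(a: u64, m: u64) -> Option<u64> {
    let a = (a % m) as i128;
    let m = m as i128;
    let (mut old_r, mut r) = (a, m);
    let (mut old_s, mut s) = (1i128, 0i128);
    while r != 0 {
        let q = old_r / r;
        (old_r, r) = (r, old_r - q * r);
        (old_s, s) = (s, old_s - q * s);
    }
    if old_r != 1 {
        return None;
    }
    Some(old_s.rem_euclid(m) as u64)
}

/// Vulnerable-style construction (hypothetical reproduction of the pre-0.9.10
/// logic as the record describes it): only primes below 1 are rejected, so a
/// prime of exactly 1 reaches the arithmetic and causes a panic.
pub fn private_exponent_unchecked(e: u64, primes: &[u64]) -> Result<u64, KeyError> {
    for &p in primes {
        if p < 1 {
            return Err(KeyError::InvalidPrime(p));
        }
    }
    // p == 1 contributes (p - 1) == 0, so lambda becomes 0.
    let lambda = primes.iter().fold(1u64, |acc, &p| lcm(acc, p - 1));
    mod_inverse(e, lambda).ok_or(KeyError::NoInverse)
}

/// Corrected construction: primes less than or equal to 1 are rejected before
/// any arithmetic runs, so the caller gets an Err instead of a crash.
pub fn private_exponent_checked(e: u64, primes: &[u64]) -> Result<u64, KeyError> {
    for &p in primes {
        if p <= 1 {
            return Err(KeyError::InvalidPrime(p));
        }
    }
    let lambda = primes.iter().fold(1u64, |acc, &p| lcm(acc, p - 1));
    mod_inverse(e, lambda).ok_or(KeyError::NoInverse)
}

fn main() {
    // Constructed sample: p = 11, q = 13, e = 7 gives lambda = 60 and d = 43.
    println!("valid key: {:?}", private_exponent_checked(7, &[11, 13]));
    // Constructed invalid input: a prime of 1 is rejected, not panicked on.
    match private_exponent_checked(7, &[1, 13]) {
        Ok(d) => println!("unexpected exponent {d}"),
        Err(err) => println!("rejected: {err}"),
    }
}
```

The defensive takeaway for callers on any version is the same as the checked function: validate key components (every prime greater than 1, and ideally that their product equals the modulus) before handing them to the library, and treat the constructor's `Result` as a real error path rather than unwrapping it.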

