Anonymous Intelligence Signal

Rust RSA Crate Vulnerability: Marvin Attack Exposes Timing Side-Channel Key Recovery Risk

Tags: ai, The Network, unverified | 2026-03-05 10:28:11 | Source: Unknown source

A security audit has identified a critical vulnerability (RUSTSEC-2023-0071) in version 0.9.10 of the `rsa` crate that exposes systems to potential private-key recovery through a timing side-channel attack. The flaw stems from a non-constant-time implementation: timing differences observable over the network leak information about the private key, and an attacker who measures them could recover the key. No official patch is currently available, though work is underway to migrate to a fully constant-time implementation. The only recommended workaround is to avoid the vulnerable `rsa` crate wherever an attacker can observe timing information, limiting its use to local, non-compromised systems. The vulnerability is part of the broader "Marvin Attack", which has exposed similar timing side-channel weaknesses in multiple RSA implementations, including OpenSSL. The issue was flagged automatically by a security audit workflow, highlighting an ongoing risk in a widely used cryptographic library with no immediate fix.
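To illustrate what "non-constant-time" means in practice, here is an added example (not code from the `rsa` crate) of one place where data-dependent timing shows up in RSA PKCS#1 v1.5 decryption: an unpadding check that exits early beside one that runs the same sequence of operations on every byte. It assumes the RSA private-key operation has already produced the padded block `em`.

```rust
// Added example, not the `rsa` crate's implementation. `em` is assumed to be
// the decrypted PKCS#1 v1.5 block (0x00 0x02 || >=8 nonzero pad bytes || 0x00 || msg).

/// Returns 0xFF when `b == 0` and 0x00 otherwise, with no data-dependent branch.
fn is_zero(b: u8) -> u8 {
    let t = (b as u32) | (b as u32).wrapping_neg(); // top bit set iff b != 0
    (((t >> 31) as u8) ^ 1).wrapping_neg()
}

/// Leaky PKCS#1 v1.5 unpadding: returns the message offset in `em`, or None.
/// It bails out at the first bad byte, so its running time depends on where
/// the padding fails; that data-dependent timing is what a remote observer
/// measures in a Marvin-style attack.
fn unpad_leaky(em: &[u8]) -> Option<usize> {
    if em.len() < 11 || em[0] != 0x00 || em[1] != 0x02 {
        return None;
    }
    let sep = em[2..].iter().position(|&b| b == 0)?; // 0x00 ends the padding
    if sep < 8 {
        return None; // PKCS#1 v1.5 requires at least 8 padding bytes
    }
    Some(2 + sep + 1)
}

/// Constant-time unpadding: touches every byte, never branches on the block
/// contents, and folds all checks into one mask (`bad` is 0x00 or 0xFF).
/// Only the block length is used in a branch, and it is public (modulus size).
fn unpad_ct(em: &[u8]) -> Option<usize> {
    if em.len() < 11 {
        return None;
    }
    let mut bad: u8 = !is_zero(em[0]);        // em[0] must be 0x00
    bad |= !is_zero(em[1] ^ 0x02);            // em[1] must be 0x02
    let mut found: u8 = 0;                    // becomes 0xFF once 0x00 is seen
    let mut msg_start: usize = 0;
    for (i, &b) in em.iter().enumerate().skip(2) {
        let is_sep = is_zero(b);
        let first = is_sep & !found;          // 0xFF only at the first 0x00
        let mask = ((first & 1) as usize).wrapping_neg(); // 0 or usize::MAX
        msg_start |= (i + 1) & mask;
        let too_short: u8 = if i < 10 { 0xFF } else { 0x00 }; // index is public
        bad |= first & too_short;             // separator before 8 pad bytes
        found |= is_sep;
    }
    bad |= !found;                            // no separator at all
    // A production decryptor would not branch here either: it would select
    // between the message and a random fallback using the mask (see RFC 8017).
    if bad == 0 { Some(msg_start) } else { None }
}
```

Both functions return the same results; the difference a network observer can measure is only in how long each takes on malformed input.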