Filtered by vendor Rhonabwy Project
Subscriptions
Total
3 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-25714 | 2 Debian, Rhonabwy Project | 2 Debian Linux, Rhonabwy | 2024-10-18 | 9.8 Critical |
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.) | ||||
CVE-2022-38493 | 1 Rhonabwy Project | 1 Rhonabwy | 2024-08-03 | 7.5 High |
Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token. | ||||
CVE-2022-32096 | 1 Rhonabwy Project | 1 Rhonabwy | 2024-08-03 | 7.5 High |
Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token. |
Page 1 of 1.