In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)
Metrics
Affected Vendors & Products
References
History
Fri, 18 Oct 2024 14:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Debian
Debian debian Linux Rhonabwy Project Rhonabwy Project rhonabwy |
|
Weaknesses | CWE-203 | |
CPEs | cpe:2.3:a:rhonabwy_project:rhonabwy:*:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:* cpe:2.3:o:debian:debian_linux:12.0:*:*:*:*:*:*:* |
|
Vendors & Products |
Debian
Debian debian Linux Rhonabwy Project Rhonabwy Project rhonabwy |
|
Metrics |
cvssV3_1
|
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-02-11T00:00:00
Updated: 2024-08-01T23:52:06.192Z
Reserved: 2024-02-11T00:00:00
Link: CVE-2024-25714
Vulnrichment
Updated: 2024-08-01T23:52:06.192Z
NVD
Status : Analyzed
Published: 2024-02-11T03:15:09.393
Modified: 2024-10-18T14:08:58.867
Link: CVE-2024-25714
Redhat
No data.