38 matches found
CVE-2022-38493
Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE JSON Web Encryption token...
EUVD-2022-41076
Malicious code in bioql PyPI...
EUVD-2022-53364
Malicious code in bioql PyPI...
Linux Distros Unpatched Vulnerability : CVE-2022-32096
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component rjweaesgcmkeyunwrap. This vulnerability allows attackers to cause a Denial ...
Linux Distros Unpatched Vulnerability : CVE-2022-38493
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Servi...
CVE-2022-32096
Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component rjweaesgcmkeyunwrap. This vulnerability allows attackers to cause a Denial of Service DoS via a crafted JWE token...
CVE-2024-25714
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...
CVE-2024-25714
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...
DEBIAN-CVE-2024-25714
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...
UBUNTU-CVE-2024-25714
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...
Code injection
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...
CVE-2024-25714
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...
CVE-2024-25714
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...
CVE-2024-25714
CVE-2024-25714 affects Rhonabwy up to 1.1.13. The HMAC signature verification uses a strcmp-based comparison that can leak timing information via a side-channel, as it stops at the first difference. The documented fix replaces this with a constant-time function (gnutls_memcmp). No exploitation de...
CVE-2024-25714
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...
CVE-2024-25714
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutlsmemcmp, which has constant-time execution...
Rhonabwy security breach
Rhonabwy is a Javascript Object Signing and Encryption JOSE library by Nicolas Mora, a Canadian personal developer. A security vulnerability exists in Rhonabwy 1.1.13 and earlier versions, which stems from the use of the strcmp function for HMAC signature verification...
PT-2024-21109 · Rhonabwy +1 · Rhonabwy +1
Name of the Vulnerable Software and Affected Versions: Rhonabwy versions 1.1.13 and earlier Description: The issue is related to HMAC signature verification, which uses a strcmp function. This function is vulnerable to side-channel attacks because it stops the comparison when the first difference...
CVE-2022-38493
Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE JSON Web Encryption token...
DEBIAN-CVE-2022-38493
Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE JSON Web Encryption token...