
6 matches found

RedhatCVE
added 2025/05/23 10:49 a.m. | 13 views

CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutls_memcmp, which has constant-time execution...

9.8 CVSS | 6.7 AI score | 0.0019 EPSS
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/16 6:14 p.m. | 15 views

CVE-2025-29780

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the feldman_vss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the...

5.8 CVSS | 6.3 AI score | 0.00071 EPSS
Exploits: 0 | References: 1

Vulnrichment
added 2025/03/14 5:26 p.m. | 6 views

CVE-2025-29780 Post-Quantum Secure Feldman's Verifiable Secret Sharing has Timing Side-Channels in Matrix Operations

Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the feldman_vss library contains timing side-channel vulnerabilities in its matrix operations, specifically within the...

5.8 CVSS | 6.3 AI score | 0.00071 EPSS
Exploits: 0 | References: 3

Debian CVE
added 2024/02/11 12:0 a.m. | 13 views

CVE-2024-25714

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. The fix uses gnutls_memcmp, which has constant-time execution...

9.8 CVSS | 9.4 AI score | 0.0019 EPSS
Exploits: 0

UbuntuCve
added 2021/07/14 1:15 p.m. | 19 views

CVE-2021-24119

In Trusted Firmware Mbed TLS 2.24.0, a side-channel vulnerability in base64 PEM file decoding allows system-level administrator attackers to obtain information about secret RSA keys via a controlled-channel and side-channel attack on software running in isolated environments that can be single...

4.9 CVSS | 6.3 AI score | 0.00789 EPSS
Exploits: 0 | References: 3

securityvulns
added 2005/07/01 12:0 a.m. | 33 views

NetBSD Security Advisory 2005-001: Crypto leaks across HyperThreaded CPUs (i386, P4, HTT+SMP only)

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 NetBSD Security Advisory 2005-001 ================================= Topic: Crypto leaks across HyperThreaded CPUs i386, P4, HTT+SMP only Version: NetBSD-current: affected, i386 on P4 with HTT and SMP kernels NetBSD 2.0: affected, i386 on P4 with HTT a...

0.1 AI score
Exploits: 0