Lucene search
K

920 matches found

Cvelist
Cvelist
added 2026/03/30 7:7 p.m.36 views

CVE-2026-21713

A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...

5.9CVSS0.00385EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/30 7:7 p.m.1 views

CVE-2026-21713

A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...

5.9CVSS6.5AI score0.00385EPSS
Exploits0References1
AlpineLinux
AlpineLinux
added 2026/03/30 7:7 p.m.3 views

CVE-2026-21713

A flaw in Node.js HMAC verification uses a non-constant-time comparison when validating user-provided signatures, potentially leaking timing information proportional to the number of matching bytes. Under certain threat models where high-resolution timing measurements are possible, this behavior...

5.9CVSS6.5AI score0.00385EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/03/26 3:18 p.m.4 views

CVE-2026-3579

wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions sp256mul9, sp256sqr9, etc., leading to a timing...

5.9CVSS5.8AI score0.00265EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/03/26 8:3 a.m.8 views

ksmbd: Compare MACs in constant time

...

7.4CVSS5.8AI score0.00392EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/03/25 4:55 p.m.6 views

SUSE CVE-2026-23364

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

7.4CVSS5.7AI score0.00392EPSS
Exploits0References3
Snyk
Snyk
added 2026/03/25 4:14 p.m.5 views

Observable Timing Discrepancy

Overview Affected versions of this package are vulnerable to Observable Timing Discrepancy due to the cryptohmac.cc module using memcmp, a non-constant-time comparison function to validate user-provided HMAC signatures, rather than the timing-safe equivalents used elsewhere in the codebase. An...

6.3CVSS5.9AI score0.00385EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/25 12:30 p.m.5 views

EUVD-2026-15344

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

5.6AI score0.00392EPSS
Exploits0References7
NVD
NVD
added 2026/03/25 11:16 a.m.6 views

CVE-2026-23364

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

7.4CVSS0.00392EPSS
Exploits0References7
OSV
OSV
added 2026/03/25 11:16 a.m.8 views

UBUNTU-CVE-2026-23364

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

7.4CVSS5.7AI score0.00392EPSS
Exploits0References9
UbuntuCve
UbuntuCve
added 2026/03/25 11:16 a.m.10 views

CVE-2026-23364

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

7.4CVSS5.7AI score0.00392EPSS
Exploits0References8
OSV
OSV
added 2026/03/25 10:27 a.m.7 views

CVE-2026-23364 ksmbd: Compare MACs in constant time

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

7.4CVSS5.7AI score0.00392EPSS
Exploits0References10
CVE
CVE
added 2026/03/25 10:27 a.m.24 views

CVE-2026-23364

CVE-2026-23364 concerns the Linux kernel’s ksmbd path, where MAC comparisons were not performed in constant time. The underlying issue is a timing-attack-prone memcmp() usage; the recommended fix is to replace memcmp() with crypto_memneq() to ensure constant-time comparisons. The vulnerability is...

7.4CVSS5.6AI score0.00392EPSS
Exploits0References7Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/25 10:27 a.m.9 views

CVE-2026-23364

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

5.6AI score0.00392EPSS
Exploits0References7Affected Software1
Cvelist
Cvelist
added 2026/03/25 10:27 a.m.21 views

CVE-2026-23364 ksmbd: Compare MACs in constant time

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

7.4CVSS0.00392EPSS
Exploits0References7
Debian CVE
Debian CVE
added 2026/03/25 10:27 a.m.3 views

CVE-2026-23364

In the Linux kernel, the following vulnerability has been resolved: ksmbd: Compare MACs in constant time To prevent timing attacks, MAC comparisons need to be constant-time. Replace the memcmp with the correct function, cryptomemneq...

7.4CVSS5.1AI score0.00392EPSS
Exploits0
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.7 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from comparing MAC addresses using non-constant time functions, potentially leading to timing attacks...

7.4CVSS7AI score0.00392EPSS
Exploits0References7
EUVD
EUVD
added 2026/03/19 9:30 p.m.7 views

EUVD-2026-13170

wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions sp256mul9, sp256sqr9, etc., leading to a timing...

2.1CVSS5.8AI score0.00265EPSS
Exploits0References2
EUVD
EUVD
added 2026/03/19 9:30 p.m.7 views

EUVD-2026-13172

In wolfSSL 5.8.4, constant-time masking logic in sp256getentry2569 is optimized into conditional branches bnez by GCC when targeting RISC-V RV32I with -O3. This transformation breaks the side-channel resistance of ECC scalar multiplication, potentially allowing a local attacker to recover secret...

2.1CVSS5.8AI score0.00128EPSS
Exploits0References2
NVD
NVD
added 2026/03/19 8:16 p.m.5 views

CVE-2026-3579

wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions sp256mul9, sp256sqr9, etc., leading to a timing...

5.9CVSS0.00265EPSS
Exploits0References1
Rows per page
Query Builder