Node.js: Node.js: Information disclosure via timing oracle in HMAC verification

A flaw was found in Node.js. The HMAC Hash-based Message Authentication Code verification process uses a comparison method that does not take a constant amount of time. This non-constant-time comparison can leak timing information, which, under specific conditions where precise timing measurement...

CVE-2025-13912

Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks...

CVE-2025-13912 Potential non-constant time compiled code with Clang LLVM

Multiple constant-time implementations in wolfSSL before version 5.8.4 may be transformed into non-constant-time binary by LLVM optimizations, which can potentially result in observable timing discrepancies and lead to information disclosure through timing side-channel attacks...

PT-2025-50637

Name of the Vulnerable Software and Affected Versions wolfSSL versions prior to 5.8.4 Description Certain constant-time implementations within wolfSSL may be altered by LLVM optimizations into non-constant-time binaries. This transformation can introduce observable timing discrepancies, potential...

PT-2024-8840

Name of the Vulnerable Software and Affected Versions: IntelR QAT Engine for OpenSSL versions prior to v1.6.1 Description: The issue is related to an observable timing discrepancy in the IntelR QAT Engine for OpenSSL software, which may allow information disclosure via network access. This...

Rust Security Vulnerabilities

Rust is a general-purpose, compiled programming language from the Mozilla Foundation in the United States. A security vulnerability exists in Rust RustCrypto RSA, which stems from the disclosure of timing information where information about private keys can be observed over the network...