Vulnerabilities
Vulnerable Software
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)
CVSS Score: 9.8
EPSS Score: 0.002
Published: 2024-02-11
Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token.
CVSS Score: 7.5
EPSS Score: 0.005
Published: 2022-07-13

