Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Rhonabwy
(Rhonabwy_project)Repositories |
Unknown: This might be proprietary software. |
#Vulnerabilities | 3 |
Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2022-07-13 | CVE-2022-32096 | Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token. | Rhonabwy | 7.5 | ||
2022-08-20 | CVE-2022-38493 | Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token. | Rhonabwy | 7.5 | ||
2024-02-11 | CVE-2024-25714 | In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.) | Debian_linux, Rhonabwy | 9.8 |