Description
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support |
| devel | needs-triage | |
| esm-apps/bionic | needed | |
| esm-apps/focal | needed | |
| esm-apps/jammy | needed | |
| esm-apps/noble | needs-triage | |
| focal | ignored | end of standard support, was needed |
| jammy | needed | |
| mantic | ignored | end of life, was needed |
| noble | needs-triage | |
Source links
EPSS
Percentile: 24%
0.00083
Low
9.8 Critical
CVSS3
Related vulnerabilities
CVSS3: 9.8
nvd
almost 2 years ago
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
CVSS3: 9.8
debian
almost 2 years ago
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authe ...
CVSS3: 9.8
github
almost 2 years ago
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.