exploitDog - Комплексное решение для обнаружения, оценки и устранения уязвимостей.

БДУ ФСТЭК

Microsoft MSRC

NVD

Oracle ELSA

Red Hat CVE

РЕД ОС

Rocky RLSA

SUSE CVRF

Ubuntu

Debian

Github

Количество 4

CVE-2024-25714

почти 2 года назад

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)

CVSS3: 9.8

EPSS: Низкий

CVE-2024-25714

почти 2 года назад

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)

CVSS3: 9.8

EPSS: Низкий

CVE-2024-25714

почти 2 года назад

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp ...

CVSS3: 9.8

EPSS: Низкий

GHSA-69gh-8q3c-phmc

почти 2 года назад

In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)

CVSS3: 9.1

EPSS: Низкий

Уязвимостей на страницу

Уязвимость	CVSS	EPSS	Опубликовано
CVE-2024-25714 In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)	CVSS3: 9.8	0% Низкий	почти 2 года назад
CVE-2024-25714 In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)	CVSS3: 9.8	0% Низкий	почти 2 года назад
CVE-2024-25714 In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp ...	CVSS3: 9.8	0% Низкий	почти 2 года назад
GHSA-69gh-8q3c-phmc In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)	CVSS3: 9.1	0% Низкий	почти 2 года назад

Уязвимостей на страницу