Count: 2
CVE-2025-59058
httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signature. Version 0.0.19 fixes the issue.
GHSA-q7pg-9pr4-mrp2
httpsig-rs: HMAC verification is vulnerable to timing attack
| Vulnerability | CVSS | EPSS | Published |
|---|---|---|---|
| CVE-2025-59058 httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signature. Version 0.0.19 fixes the issue. | CVSS3: 5.9 | 0% Low | 5 months ago |
| GHSA-q7pg-9pr4-mrp2 httpsig-rs: HMAC verification is vulnerable to timing attack | CVSS3: 5.9 | 0% Low | 5 months ago |