VYPR

rhonabwy

by Rhonabwy

CVEs (2)

  • CVE-2024-25714CriFeb 11, 2024
    risk 0.00cvss 9.8epss 0.01

    In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)

  • CVE-2022-32096HigJul 13, 2022
    risk 0.00cvss 7.5epss 0.01

    Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token.