Rhonabwy Project Rhonabwy 0.9.99

CPE Details

Rhonabwy Project Rhonabwy 0.9.99
rhonabwy_project
rhonabwy
0.9.99
2022-08-22
12h43 +00:00
2022-08-22
13h00 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:rhonabwy_project:rhonabwy:0.9.99:*:*:*:*:*:*:*

Informations

Vendor

rhonabwy_project

Product

rhonabwy

Version

0.9.99

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-25714 2024-02-10 23h00 +00:00 In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)
9.8
Critical
CVE-2022-38493 2022-08-20 17h41 +00:00 Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token.
7.5
High
CVE-2022-32096 2022-07-13 13h42 +00:00 Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token.
7.5
High