Rhonabwy Project Rhonabwy 1.1.1

CPE Details

Rhonabwy Project Rhonabwy 1.1.1
rhonabwy_project
rhonabwy
1.1.1
2022-08-22
12h43 +00:00
2022-08-22
13h00 +00:00
CPE NVD
Alerte pour un CPE
Restez informé de toutes modifications pour un CPE spécifique.
Gestion des notifications

CPE Name: cpe:2.3:a:rhonabwy_project:rhonabwy:1.1.1:*:*:*:*:*:*:*

Informations

Vendor

rhonabwy_project

Product

rhonabwy

Version

1.1.1

Related CVE

Open and find in CVE List

CVE ID Publié Description Score Gravité
CVE-2024-25714 2024-02-10 23h00 +00:00 In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)
9.8
Critique
CVE-2022-38493 2022-08-20 17h41 +00:00 Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token.
7.5
Haute
CVE-2022-32096 2022-07-13 13h42 +00:00 Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token.
7.5
Haute