Filtered by vendor Rhonabwy Project Subscriptions
Filtered by product Rhonabwy Subscriptions
Total 3 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-25714 2 Debian, Rhonabwy Project 2 Debian Linux, Rhonabwy 2024-11-21 9.8 Critical
In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)
CVE-2022-38493 1 Rhonabwy Project 1 Rhonabwy 2024-11-21 7.5 High
Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Service via a crafted JWE (JSON Web Encryption) token.
CVE-2022-32096 1 Rhonabwy Project 1 Rhonabwy 2024-11-21 7.5 High
Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token.