Vulnerability in Trailofbits Rfc3161-client

CVE-2025-52556

rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is perfo…

EPSS: 0.002 (38.8th percentile) — read the EPSS interpretation.

Affected products

Trailofbits Rfc3161-client — versions < 1.0.3

Weakness classification (CWE)

CWE-347 — Improper Verification of Cryptographic Signature

References

https://github.com/trailofbits/rfc3161-client/security/advisories/GHSA-6qhv-4h7r-2g9m (x_refsource_CONFIRM)
https://github.com/trailofbits/rfc3161-client/commit/724a184f953e3f171f85cb223871172b41b0d0dc (x_refsource_MISC)