Rhonabwy_project Rhonabwy
3 CVEs affecting Rhonabwy_project Rhonabwy. Latest disclosed: 2024-02-11. Critical: 1, High: 2.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2024-25714 | Critical | 9.8 | 2024-02-11 | In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when… |
CVE-2022-38493 | High | 7.5 | 2022-08-20 | Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to cause a Denial of Serv… |
CVE-2022-32096 | High | 7.5 | 2022-07-13 | Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a De… |