In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)
Name | Vendor | Start Version | End Version |
---|---|---|---|
Rhonabwy | Ubuntu | mantic | * |
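
The difference between an early-exit comparison and a constant-time one, as described in the advisory text above, shown as an added example. This is not Rhonabwy's code: the function names and sample strings are hypothetical, and `ct_equal` is a portable stand-in for the `gnutls_memcmp` call the fix uses.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Early-exit comparison in the style of strcmp: returns the number of bytes
 * examined before a verdict. The count grows with the matching prefix, which
 * is the timing signal the advisory describes. */
static size_t early_exit_steps(const char *a, const char *b)
{
    size_t i = 0;
    while (a[i] != '\0' && a[i] == b[i])
        i++;
    return i + 1; /* bytes touched, including the one that decided */
}

/* Constant-time equality over n bytes: every byte is always read and the
 * differences are OR-ed together, so the work does not depend on where (or
 * whether) the inputs differ. Returns 1 if equal, 0 otherwise. */
static int ct_equal(const void *a, const void *b, size_t n)
{
    const volatile unsigned char *pa = a;
    const volatile unsigned char *pb = b;
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (unsigned char)(pa[i] ^ pb[i]);
    return diff == 0;
}

/* Compare a received encoded signature with the locally computed one.
 * The length is fixed by the HMAC algorithm and is not secret, so a
 * length mismatch can be rejected up front. */
static int signature_matches(const char *computed, const char *received)
{
    size_t n = strlen(computed);
    if (strlen(received) != n)
        return 0;
    return ct_equal(computed, received, n);
}

int main(void)
{
    /* Constructed sample values, not real signatures. */
    const char *computed = "AAAABBBBCCCCDDDD";
    printf("%zu %zu\n", early_exit_steps(computed, "XAAABBBBCCCCDDDD"),
           early_exit_steps(computed, "AAAABBBBCCCCDDDX"));
    printf("%d %d\n", signature_matches(computed, "AAAABBBBCCCCDDDD"),
           signature_matches(computed, "AAAABBBBCCCCDDDX"));
    return 0;
}
```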