Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
httpsig-rs's HMAC verification is vulnerable to timing attack
Vulnerability Description
httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signature. Version 0.0.19 fixes the issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N
Vulnerability Type
通过时间差异性导致的信息暴露
Vulnerability Title
httpsig-rs 安全漏洞
Vulnerability Description
httpsig-rs是Jun Kurihara个人开发者的一个Rust库。 httpsig-rs 0.0.19之前版本存在安全漏洞,该漏洞源于HMAC签名比较未采用时序安全方式,可能导致攻击者伪造签名。
CVSS Information
N/A
Vulnerability Type
N/A