Rhonabwy Project Rhonabwy — known CVE vulnerabilities
Every CVE whose affected-product data names Rhonabwy Project Rhonabwy, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (3)
CVE-2024-25714 — CVSS 9.8 (critical): In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops…
CVE-2022-32096 — CVSS 7.5 (high): Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows…
CVE-2022-38493 — CVSS 7.5 (high): Rhonabwy 0.9.99 through 1.1.x before 1.1.7 doesn't check the RSA private key length before RSA-OAEP decryption. This allows attackers to…