In Rhonabwy through 1.1.13, HMAC signature verification uses a strcmp function that is vulnerable to side-channel attacks, because it stops the comparison when the first difference is spotted in the two signatures. (The fix uses gnutls_memcmp, which has constant-time execution.)
The strcmp function stops comparing two character strings immediately upon encountering the first difference. In the context of HMAC signature verification, this means that the execution time of the comparison depends on the number of correctly matched characters at the beginning of the signature. An attacker, by measuring the server's response time, can use a trial-and-error method (timing oracle attack) to iteratively guess the successive bytes of the valid signature. The fix replaces strcmp with the gnutls_memcmp function, which performs comparison in constant time regardless of data content.
An attacker can forge HMAC signature verification, leading to violations of data integrity and confidentiality, and potentially unauthorized access to protected resources.
The Rhonabwy library should be updated to a version containing the fix introduced by commit f9fd9a1c77e48b514ebb3baf0360f87eef3d846e (replacing strcmp with gnutls_memcmp). Debian Linux users should apply package updates available from the distribution vendor.
Rhonabwy Project Rhonabwy in versions up to and including 1.1.13; Debian Linux with packages containing the vulnerable version of the Rhonabwy library
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HDebian
OSDebian11.012.0Rhonabwy Project Rhonabwy
APPRhonabwy Project≤ 1.1.3
Related vulnerabilities
GNU Inetutils telnetd: ominięcie uwierzytelnienia przez zmienną USER
Sudo: eskalacja uprawnień do root poprzez opcję --chroot (CVE-2025-32463)
RCE przez deserializację PHP w Roundcube Webmail (parametr _from)
Erlang/OTP SSH — nieuwierzytelniony RCE (CVSS 10.0)
Apple WebKit: out-of-bounds write umożliwiający ucieczkę z sandbox przeglądarki