説明
libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.
AI分析AIによる分析
影響を受ける製品
debiandebian_linux
10.0
libjwtlibjwt
1.15.3
参照
- https://github.com/P3ngu1nW/CVE_Request/blob/main/benmcollins%3Alibjwt.mdExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/02/msg00009.htmlMailing ListThird Party Advisory
- https://github.com/P3ngu1nW/CVE_Request/blob/main/benmcollins%3Alibjwt.mdExploitThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2024/02/msg00009.htmlMailing ListThird Party Advisory