CVE-2025-59058 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This ma…
Medium CVSS: 5.9

CVE-2025-59058

httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signature. Version 0.0.19 fixes the issue.
Vendor
-
Product
-
CWE
CWE-208
Yayın Tarihi
2025-09-12 14:15:41
Güncelleme
2025-09-15 15:21:42
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-208 MEDIUM 2025

Referanslar

https://github.com/junkurihara/httpsig-rs/commit/fc095b6ce6043bb808f5d9c4379cf697899cb458 https://github.com/junkurihara/httpsig-rs/security/advisories/GHSA-q7pg-9pr4-mrp2