CNNVD-202507-3125 Information

CNNVD ID

CNNVD-202507-3125

CVE-2025-53940

  • CNNVD Published: 2025-07-24

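Description (translated from Chinese)

Quiet is an open-source private p2p application from Quiet. Quiet 6.1.0-alpha.4 and earlier versions contain a security vulnerability. The vulnerability stems from token verification using an insecure non-constant-time comparison function, which may lead to timing attacks.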

Description (English)

Quiet is open-source private p2p software. Quiet 6.1.0-alpha.4 and earlier versions contain a security vulnerability that arises from the use of an unsafe non-constant-time comparison function for token verification, which may result in timing attacks.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Quiet

Published

2025-07-24

Last Modified

2026-02-24

References

  • https://github.com/TryQuiet/quiet/issues/2820#issue-3021080269
  • https://github.com/TryQuiet/quiet/pull/2928
  • https://github.com/TryQuiet/quiet/security/advisories/GHSA-gpw8-w78h-xj67

Patch

https://github.com/TryQuiet/quiet/releases
