CNNVD-202509-1786 Information

CNNVD ID

CNNVD-202509-1786

Related CVE

CVE-2025-59058

• CNNVD Published: 2025-09-12

Description (Chinese)

httpsig-rs是Jun Kurihara个人开发者的一个Rust库。 httpsig-rs 0.0.19之前版本存在安全漏洞，该漏洞源于HMAC签名比较未采用时序安全方式，可能导致攻击者伪造签名。

Description (English)

httpsig-rs is a Rust bank of Jun Kurihara’s personal developer. The previous version of httpsig-rs 0.0.19 had a security loophole, which stemmed from the fact that HMAC signatures were less time-series secure than they were, and could lead to their forgery by the attackers.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

个人开发者

Published

2025-09-12

Last Modified

2026-02-24

References

https://github.com/junkurihara/ https://access.redhat.com/security/cve/cve-2025-59058

Patch

https://github.com/junkurihara/httpsig-rs/tags