MidnightBSD

Advisories for bencollins

CVE-2024-25189

libjwt 1.15.3 uses strcmp (which is not constant time) to verify authentication, which makes it easier to bypass authentication via a timing side channel.

Products Affected

Vendor Product Version
libjwt libjwt 1.15.3
bencollins jwt_c_library 1.15.3
debian debian_linux 10.0