Oleksii Shmalko

1 exploit Active since Sep 2025
CVE-2025-59058 WRITEUP MEDIUM WRITEUP
httpsig-rs < 0.0.19 - Timing Attack via HMAC Signature Comparison
httpsig-rs is a Rust implementation of IETF RFC 9421 http message signatures. Prior to version 0.0.19, the HMAC signature comparison is not timing-safe. This makes anyone who uses HS256 signature verification vulnerable to a timing attack that allows the attacker to forge a signature. Version 0.0.19 fixes the issue.
CVSS 5.9