Vulnerability Database

296,278

Total vulnerabilities in the database

CVE-2025-59058

Summary

HMAC signature comparison is not timing-safe and is vulnerable to timing attacks.

Details

SharedKey::sign() returns a Vec<u8> which has a non-constant-time equality implementation.

Hmac::finalize() returns a constant-time wrapper (CtOutput) which was discarded. Alternatively, Hmac has a constant-time verify() method.

The problem reported here is due to the following lines in SharedKey::sign() of the previous code:

let mut mac = HmacSha256::new_from_slice(key).unwrap(); mac.update(data); Ok(mac.finalize().into_bytes().to_vec())

and the merged update changes the third line to directly verify with verify_slice.

Impact

Anyone who uses HS256 signature verification is vulnerably to Timing Attack that allows the attacker to forge a signature.

CVSS v3:

  • Severity: Unknown
  • Score:
  • AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N

CWEs:

Software From Fixed in
Rust icon httpsig - 0.0.19