{"id":"CVE-2021-37847","details":"crypto/digest.c in Pengutronix barebox through 2021.07.0 leaks timing information because memcmp is used during digest verification.","modified":"2026-04-11T18:44:51.011016Z","published":"2021-08-02T20:15:08.267Z","references":[{"type":"FIX","url":"https://github.com/saschahauer/barebox/commit/0a9f9a7410681e55362f8311537ebc7be9ad0fbe"},{"type":"EVIDENCE","url":"https://gist.github.com/gquere/816dfadbad98745090034100a8a651eb"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/saschahauer/barebox","events":[{"introduced":"0"},{"fixed":"0a9f9a7410681e55362f8311537ebc7be9ad0fbe"}]},{"type":"GIT","repo":"https://github.com/saschahauer/barebox","events":[{"introduced":"0"},{"fixed":"0a9f9a7410681e55362f8311537ebc7be9ad0fbe"}]}],"database_specific":{"vanir_signatures_modified":"2026-04-11T18:44:51Z","vanir_signatures":[{"id":"CVE-2021-37847-8199349f","digest":{"function_hash":"301584889156069090904562622525040506434","length":319},"signature_type":"Function","signature_version":"v1","deprecated":false,"source":"https://github.com/saschahauer/barebox/commit/0a9f9a7410681e55362f8311537ebc7be9ad0fbe","target":{"function":"digest_generic_verify","file":"crypto/digest.c"}},{"id":"CVE-2021-37847-b9d9c9e4","digest":{"line_hashes":["271334619018219239287410104355572862397","320835556679015987297444744653922937837","248201803692037093671842504412337342173","285480366245170309515497581774649101074","27282573744850338018709588609223000560","258290346364336418964311691047936510878","254309928623789668069109864278546826273","316172920102987295883885030603775344160","339271843571112485462380948539623857566"],"threshold":0.9},"signature_type":"Line","signature_version":"v1","deprecated":false,"source":"https://github.com/saschahauer/barebox/commit/0a9f9a7410681e55362f8311537ebc7be9ad0fbe","target":{"file":"crypto/digest.c"}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-37847.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"2021.07.0"}]},{"events":[{"introduced":"0"},{"last_affected":"2021.07.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}