{"id":"CVE-2022-32096","details":"Rhonabwy before v1.1.5 was discovered to contain a buffer overflow via the component r_jwe_aesgcm_key_unwrap. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted JWE token.","modified":"2026-04-12T02:57:01.076279Z","published":"2022-07-13T16:15:08.950Z","references":[{"type":"ADVISORY","url":"https://github.com/babelouest/rhonabwy/"},{"type":"FIX","url":"https://github.com/babelouest/rhonabwy/commit/b4c2923a1ba4fabf9b55a89244127e153a3e549b"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/babelouest/rhonabwy","events":[{"introduced":"0"},{"fixed":"95415a743a5bb399e4ce80beffe26e49a0ace0b9"},{"fixed":"b4c2923a1ba4fabf9b55a89244127e153a3e549b"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.1.5"}]}}],"versions":["v0.9.10","v0.9.11","v0.9.12","v0.9.13","v0.9.2","v0.9.3","v0.9.4","v0.9.5","v0.9.6","v0.9.7","v0.9.8","v0.9.9","v0.9.99","v0.9.999","v0.9.9999","v1.0.0","v1.1.0","v1.1.1","v1.1.2","v1.1.3","v1.1.4"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-32096.json","vanir_signatures":[{"source":"https://github.com/babelouest/rhonabwy/commit/95415a743a5bb399e4ce80beffe26e49a0ace0b9","id":"CVE-2022-32096-34cfa2b9","digest":{"threshold":0.9,"line_hashes":["257047672319347334005511696685262357187","265941919923689063346151393268260886570","113102270343724359756721009245843069877","60169571286526244116120576712416812051","231906486081702620285354893555412086184"]},"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"tools/rnbyc/rnbyc.c"}},{"source":"https://github.com/babelouest/rhonabwy/commit/95415a743a5bb399e4ce80beffe26e49a0ace0b9","id":"CVE-2022-32096-7b2a6b43","digest":{"function_hash":"76788603250249583139725563930766410867","length":5010},"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"function":"print_help","file":"tools/rnbyc/rnbyc.c"}},{"source":"https://github.com/babelouest/rhonabwy/commit/b4c2923a1ba4fabf9b55a89244127e153a3e549b","id":"CVE-2022-32096-804f2c81","digest":{"threshold":0.9,"line_hashes":["203098983376354227696147056036859232351","80722289190606584317862075844343759170","232239679004971832115761400735815521608","99168564466720862095638377773277193418","339255568156754211190134732161496686471","174240757865002099933754484810747946509","55856843168921994466841354640928831035","72418847026648024948677386074683763390","177370314280429233355908583836832230220"]},"signature_version":"v1","deprecated":false,"signature_type":"Line","target":{"file":"src/jwe.c"}},{"source":"https://github.com/babelouest/rhonabwy/commit/b4c2923a1ba4fabf9b55a89244127e153a3e549b","id":"CVE-2022-32096-a0b854e5","digest":{"function_hash":"159557575790542645729137279180272888252","length":2931},"signature_version":"v1","deprecated":false,"signature_type":"Function","target":{"function":"r_jwe_aesgcm_key_unwrap","file":"src/jwe.c"}}],"vanir_signatures_modified":"2026-04-12T02:57:01Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}