CVE-2024-13176 — Covert Timing Channel in OpenSSL
Severity: 4.1 MEDIUM (NVD); OSV 6.3
EPSS: 0.1% (top 77.77%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 20
Latest update: Nov 26
Description
Issue summary: A timing side-channel which could potentially allow recovering
the private key exists in the ECDSA signature computation.
Impact summary: A timing side-channel in ECDSA signature computations
could allow recovering the private key by an attacker. However, measuring
the timing would require either local access to the signing application or
a very fast network connection with low latency.
There is a timing signal of around 300 nanoseconds when the top word of
the inverted ECDSA no…
CVSS vector
CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L
Exploitability: 0.7 | Impact: 3.4
Affected Packages: 5 packages
Vulnerability Details (6)
GHSA: GHSA-r9fv-h47r-823f: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation (2025-01-20)
OSV: CVE-2024-13176: Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation (2025-01-20)
Vendor Advisories (7)
Oracle
Oracle