VYPR

CWE-385

Covert Timing Channel

Abstraction: Base | Status: Incomplete | Likelihood of exploit: Medium

Description

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.
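The simplest instance of this weakness is the early-exit secret comparison that several of the CVEs mapped below describe (the Apache CXF MAC check, the Xorg memcmp() cookie check, the PostgreSQL MD5 password comparison): the time the check takes grows with the number of leading bytes the attacker got right, so running time becomes the channel. The following Python is an added example, not code from the CWE entry or from any of those projects. It shows a memcmp()-style compare, the byte-by-byte recovery it enables, and the constant-time form. The "timing" the attacker observes is modelled as the number of bytes the comparison inspected, which is what wall-clock measurements of such code reveal statistically; the sample secret, the function names and the oracle interface are constructed for the example.

```python
from __future__ import annotations

import hmac

# Constructed sample secret (think of a 16-byte MAC tag); not a real key.
SECRET_TAG = bytes.fromhex("9f1c0042a7ff3b1e5d0080c4e2a60b73")


def leaky_compare(expected: bytes, provided: bytes) -> tuple[bool, int]:
    """memcmp()-style check that returns at the first mismatching byte.

    Returns (equal, bytes_inspected). The count stands in for the elapsed
    time an attacker would measure: it grows by one for every leading byte
    of `provided` that matches, so running time encodes how much of the
    secret the guess got right."""
    if len(expected) != len(provided):
        return False, 0
    inspected = 0
    for a, b in zip(expected, provided):
        inspected += 1
        if a != b:
            return False, inspected
    return True, inspected


def constant_time_compare(expected: bytes, provided: bytes) -> tuple[bool, int]:
    """Hardened check: inspects every byte no matter where the first mismatch
    is, accumulating differences with XOR/OR so that neither control flow nor
    the work done depends on the secret. The length check still reveals the
    length, which is acceptable for fixed-length tags."""
    if len(expected) != len(provided):
        return False, 0
    diff = 0
    for a, b in zip(expected, provided):
        diff |= a ^ b
    return diff == 0, len(expected)


def stdlib_compare(expected: bytes, provided: bytes) -> tuple[bool, int]:
    """What production code should call: hmac.compare_digest is the standard
    library's constant-time comparison."""
    return hmac.compare_digest(expected, provided), len(expected)


def recover_secret(oracle, length: int) -> bytes:
    """Attacker loop. `oracle(guess)` returns (accepted, timing).

    For each position, try all 256 byte values (zero-padded after the guess)
    and keep the one whose timing is largest: against an early-exit compare
    the correct byte is the only one that lets the loop run one byte further.
    """
    known = bytearray()
    for pos in range(length):
        best_byte, best_timing = 0, -1
        for candidate in range(256):
            guess = bytes(known) + bytes([candidate]) + bytes(length - pos - 1)
            accepted, timing = oracle(guess)
            if accepted:  # whole tag matched; nothing left to recover
                return guess
            if timing > best_timing:
                best_byte, best_timing = candidate, timing
        known.append(best_byte)
    return bytes(known)


def run_demo(secret: bytes = SECRET_TAG) -> tuple[bytes, bytes]:
    """Runs the recovery against both checks.

    Returns (recovered_via_leaky, recovered_via_constant_time); the first
    equals `secret`, the second is just the attacker's default guesses."""
    via_leaky = recover_secret(lambda g: leaky_compare(secret, g), len(secret))
    via_safe = recover_secret(lambda g: constant_time_compare(secret, g), len(secret))
    return via_leaky, via_safe


if __name__ == "__main__":
    leaky, safe = run_demo()
    print("early-exit compare :", leaky.hex(), "recovered" if leaky == SECRET_TAG else "failed")
    print("constant-time      :", safe.hex(), "recovered" if safe == SECRET_TAG else "failed")
```

In a real attack the oracle is wall-clock time over a network and one extra byte of work is a few nanoseconds, so each candidate must be sampled many times and compared with a robust statistic (a median or a rank test, as the Lucky Thirteen and Marvin work does); the recovery loop itself does not change. Against the constant-time check every candidate costs the same, so the loop learns nothing and returns its default guess.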

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-462 (Cross-Domain Search Timing)

CVEs mapped to this weakness (29; the first 20 are listed here)

  • CVE-2026-5598 | High | Apr 15, 2026
    risk 0.51 | cvss: not listed | epss 0.01

    Covert timing channel vulnerability in Legion of the Bouncy Castle Inc. BC-JAVA core on all (core modules). This vulnerability is associated with program files FrodoEngine.Java. This issue affects BC-JAVA: from 1.71 before 1.80.2, from 1.81 before 1.81.1, from 1.82 before…

  • CVE-2023-50781 | High | Feb 5, 2024
    risk 0.49 | cvss 7.5 | epss 0.01

    A flaw was found in m2crypto. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

  • CVE-2025-0306 | High | Jan 9, 2025
    risk 0.48 | cvss 7.4 | epss 0.01

    A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a large number of messages with the vulnerable service.

  • CVE-2023-46809 | High | Sep 7, 2024
    risk 0.48 | cvss 7.4 | epss 0.01

    Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PKCS #1 v1.5 padding is allowed when performing RSA…

  • CVE-2017-3156 | High | Aug 10, 2017
    risk 0.42 | cvss 7.5 | epss 0.06

    The OAuth2 Hawk and JOSE MAC validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 does not use a constant-time MAC signature comparison, which may be exploited by sophisticated timing attacks.

  • CVE-2026-41390 | High | Apr 28, 2026
    risk 0.40 | cvss 7.3 | epss 0.00

    OpenClaw before 2026.3.28 contains an exec allowlist bypass vulnerability where allow-always persistence fails to unwrap /usr/bin/script and similar wrappers before storing trust decisions. Attackers can obtain user approval for one wrapped command to persist trust for wrapper…

  • CVE-2018-10845 | Medium | Aug 22, 2018
    risk 0.39 | cvss 5.9 | epss 0.04

    It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky Thirteen-style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

  • CVE-2018-10844 | Medium | Aug 22, 2018
    risk 0.39 | cvss 5.9 | epss 0.04

    It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky Thirteen-style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data using crafted packets.

  • CVE-2025-29780 | Medium | Mar 14, 2025
    risk 0.38 | cvss: not listed | epss 0.00

    Post-Quantum Secure Feldman's Verifiable Secret Sharing provides a Python implementation of Feldman's Verifiable Secret Sharing (VSS) scheme. In versions 0.8.0b2 and prior, the `feldman_vss` library contains timing side-channel vulnerabilities in its matrix operations,…

  • CVE-2024-2236 | Medium | Mar 6, 2024
    risk 0.38 | cvss 5.9 | epss 0.01

    A timing-based side-channel flaw was found in libgcrypt's RSA implementation. This issue may allow a remote attacker to initiate a Bleichenbacher-style attack, which can lead to the decryption of RSA ciphertexts.

  • CVE-2017-2624 | Medium | Jul 27, 2018
    risk 0.38 | cvss 5.9 | epss 0.01

    It was found that xorg-x11-server, up to and including 1.19.0, uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, the client is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is…

  • CVE-2025-59432 | Medium | Sep 22, 2025
    risk 0.36 | cvss: not listed | epss 0.01

    SCRAM (Salted Challenge Response Authentication Mechanism) is part of the family of Simple Authentication and Security Layer (SASL, RFC 4422) authentication mechanisms. Prior to version 3.2, a timing attack vulnerability exists in the SCRAM Java implementation. The issue arises…

  • CVE-2016-7056 | Medium | Sep 10, 2018
    risk 0.36 | cvss 5.5 | epss 0.01

    A timing attack flaw was found in OpenSSL 1.0.1u and before that could allow a malicious user with local access to recover ECDSA P-256 private keys.

  • CVE-2018-10846 | Medium | Aug 22, 2018
    risk 0.36 | cvss 5.6 | epss 0.00

    A cache-based side channel in the GnuTLS implementation that leads to plaintext recovery in a cross-VM attack setting was found. An attacker could combine a "Just in Time" Prime+Probe attack with a Lucky-13 attack to recover plaintext using crafted packets.

  • CVE-2026-6478 | Medium | May 14, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    Covert timing channel in comparison of MD5-hashed password in PostgreSQL authentication allows an attacker to recover user credentials sufficient to authenticate. This does not affect scram-sha-256 passwords, the default in all supported releases. However, current databases…

  • CVE-2025-9231 | Medium | Sep 30, 2025
    risk 0.35 | cvss 6.5 | epss 0.02

    Issue summary: A timing side-channel which could potentially allow remote recovery of the private key exists in the SM2 algorithm implementation on 64 bit ARM platforms. Impact summary: A timing side-channel in SM2 signature computations on 64 bit ARM platforms could allow…

  • CVE-2025-27587 | Medium | Jun 16, 2025
    risk 0.34 | cvss 5.3 | epss 0.00

    OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable to a Minerva attack, exploitable by measuring the time of signing of random messages using the EVP_DigestSign API, and then using the private key to extract the K value (nonce) from the signatures. Next, based…

  • CVE-2025-66442 | Medium | Apr 1, 2026
    risk 0.33 | cvss 5.1 | epss 0.00

    In Mbed TLS through 4.0.0, there is a compiler-induced timing side channel (in RSA and CBC/ECB decryption) that only occurs with LLVM's select-optimize feature. TF-PSA-Crypto through 1.0.0 is also affected.

  • CVE-2025-69893 | Medium | Apr 14, 2026
    risk 0.30 | cvss 4.6 | epss 0.00

    A side-channel vulnerability exists in the implementation of BIP-39 mnemonic processing, as observed in Trezor One v1.13.0 to v1.14.0, Trezor T v1.13.0 to v1.14.0, and Trezor Safe v1.13.0 to v1.14.0 hardware wallets. This originates from the BIP-39 standard guidelines, which…

  • CVE-2024-23170 | Medium | Jan 31, 2024
    risk 0.29 | cvss 5.5 | epss 0.00

    An issue was discovered in Mbed TLS 2.x before 2.28.7 and 3.x before 3.5.2. There was a timing side channel in RSA private operations. This side channel could be sufficient for a local attacker to recover the plaintext. It requires the attacker to send a large number of messages…