VYPR

CWE-385

Covert Timing Channel

BaseIncompleteLikelihood: Medium

Description

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

Hierarchy (View 1000)

Parents

Children

none

Related attack patterns (CAPEC)

CAPEC-462

CVEs mapped to this weakness (29)

page 2 of 2
  • CVE-2025-49087MedJul 20, 2025
    risk 0.26cvss 4.0epss 0.00

    In Mbed TLS 3.6.1 through 3.6.3 before 3.6.4, a timing discrepancy in block cipher padding removal allows an attacker to recover the plaintext when PKCS#7 padding mode is used.

  • CVE-2024-11862MedNov 27, 2024
    risk 0.26cvss epss 0.00

    Non constant time cryptographic operation in Devolutions.XTS.NET 2024.11.19 and earlier allows an attacker to render half of the encryption key obsolete via a timing attacks

  • CVE-2024-13176MedJan 20, 2025
    risk 0.20cvss 4.1epss 0.01

    Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However,…

  • CVE-2025-59425Oct 7, 2025
    risk 0.00cvss epss 0.01

    vLLM is an inference and serving engine for large language models (LLMs). Before version 0.11.0rc2, the API key support in vLLM performs validation using a method that was vulnerable to a timing attack. API key validation uses a string comparison that takes longer the more…

  • CVE-2023-50782Feb 5, 2024
    risk 0.00cvss epss 0.01

    A flaw was found in the python-cryptography package. This issue may allow a remote attacker to decrypt captured messages in TLS servers that use RSA key exchanges, which may lead to exposure of confidential or sensitive data.

  • CVE-2024-23342Jan 22, 2024
    risk 0.00cvss epss 0.01

    The `ecdsa` PyPI package is a pure Python implementation of ECC (Elliptic Curve Cryptography) with support for ECDSA (Elliptic Curve Digital Signature Algorithm), EdDSA (Edwards-curve Digital Signature Algorithm) and ECDH (Elliptic Curve Diffie-Hellman). Versions 0.18.0 and…

  • CVE-2023-49092Nov 28, 2023
    risk 0.00cvss epss 0.01

    RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that information to recover the…

  • CVE-2020-25659Jan 11, 2021
    risk 0.00cvss epss 0.02

    python-cryptography 3.2 is vulnerable to Bleichenbacher timing attacks in the RSA decryption API, via timed processing of valid PKCS#1 v1.5 ciphertext.

  • CVE-2020-25658Nov 12, 2020
    risk 0.00cvss epss 0.02

    It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA.