CWE-203
AllowedObservable Discrepancy
Abstraction: Base · Status: Incomplete
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
836 vulnerabilities reference this CWE, most recent first.
GHSA-WV48-PVF9-QV86
Vulnerability from github – Published: 2023-01-03 00:30 – Updated: 2023-01-09 21:30Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)
{
"affected": [],
"aliases": [
"CVE-2022-4025"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-668"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2023-01-02T23:15:00Z",
"severity": "MODERATE"
},
"details": "Inappropriate implementation in Paint in Google Chrome prior to 98.0.4758.80 allowed a remote attacker to leak cross-origin data outside an iframe via a crafted HTML page. (Chrome security severity: Low)",
"id": "GHSA-wv48-pvf9-qv86",
"modified": "2023-01-09T21:30:22Z",
"published": "2023-01-03T00:30:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-4025"
},
{
"type": "WEB",
"url": "https://chromereleases.googleblog.com/2022/02/stable-channel-update-for-desktop.html"
},
{
"type": "WEB",
"url": "https://crbug.com/1260250"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WVCQ-JPW4-Q2R3
Vulnerability from github – Published: 2025-03-18 12:30 – Updated: 2025-03-18 12:30An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy.
{
"affected": [],
"aliases": [
"CVE-2025-1468"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-18T11:15:39Z",
"severity": "HIGH"
},
"details": "An unauthenticated remote attacker can gain access to sensitive information including authentication information when using CODESYS OPC UA Server with the non-default Basic128Rsa15 security policy.",
"id": "GHSA-wvcq-jpw4-q2r3",
"modified": "2025-03-18T12:30:48Z",
"published": "2025-03-18T12:30:48Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-1468"
},
{
"type": "WEB",
"url": "https://cert.vde.com/en/advisories/VDE-2025-022"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WVXH-XCHR-M6P5
Vulnerability from github – Published: 2021-12-16 00:01 – Updated: 2021-12-18 00:01In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191954233
{
"affected": [],
"aliases": [
"CVE-2021-0988"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-12-15T19:15:00Z",
"severity": "LOW"
},
"details": "In getLaunchedFromUid and getLaunchedFromPackage of ActivityClientController.java, there is a possible way to determine whether an app is installed, without query permissions, due to side channel information disclosure. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12Android ID: A-191954233",
"id": "GHSA-wvxh-xchr-m6p5",
"modified": "2021-12-18T00:01:24Z",
"published": "2021-12-16T00:01:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-0988"
},
{
"type": "WEB",
"url": "https://source.android.com/security/bulletin/pixel/2021-12-01"
}
],
"schema_version": "1.4.0",
"severity": []
}
GHSA-WXCP-F2C8-X6XV
Vulnerability from github – Published: 2022-05-13 01:02 – Updated: 2024-02-22 19:37The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 9.0.0.M9"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "9.0.0M1"
},
{
"fixed": "9.0.0.M10"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.5.4"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "8.5.0"
},
{
"fixed": "8.5.5"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 8.0.36"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "8.0.0.RC1"
},
{
"fixed": "8.0.37"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "7.0.0"
},
{
"fixed": "7.0.72"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 6.0.45"
},
"package": {
"ecosystem": "Maven",
"name": "org.apache.tomcat:tomcat"
},
"ranges": [
{
"events": [
{
"introduced": "6.0.0"
},
{
"fixed": "6.0.46"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2016-0762"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": true,
"github_reviewed_at": "2022-07-06T20:06:08Z",
"nvd_published_at": "2017-08-10T16:29:00Z",
"severity": "MODERATE"
},
"details": "The Realm implementations in Apache Tomcat versions 9.0.0.M1 to 9.0.0.M9, 8.5.0 to 8.5.4, 8.0.0.RC1 to 8.0.36, 7.0.0 to 7.0.70 and 6.0.0 to 6.0.45 did not process the supplied password if the supplied user name did not exist. This made a timing attack possible to determine valid user names. Note that the default configuration includes the LockOutRealm which makes exploitation of this vulnerability harder.",
"id": "GHSA-wxcp-f2c8-x6xv",
"modified": "2024-02-22T19:37:20Z",
"published": "2022-05-13T01:02:15Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0762"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/86b2e436099cb48f30dad950175c5beeeb763756"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/970e615c7ade6ec6c341470bbc76aa1256353737"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat/commit/d79c63d424fe6b225678416343b9ce106dec947c"
},
{
"type": "WEB",
"url": "https://github.com/apache/tomcat80/commit/dc4c3317452f0bc2c5e1f6a08d3bd9f22488b450"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0455"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b5e3f51d28cd5d9b1809f56594f2cf63dcd6a90429e16ea9f83bbedc@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b84ad1258a89de5c9c853c7f2d3ad77e5b8b2930be9e132d5cef6b95@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/b8a1bf18155b552dcf9a928ba808cbadad84c236d85eab3033662cfb@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r03c597a64de790ba42c167efacfa23300c3d6c9fe589ab87fe02859c@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r587e50b86c1a96ee301f751d50294072d142fd6dc08a8987ae9f3a9b@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/r9136ff5b13e4f1941360b5a309efee2c114a14855578c3a2cbe5d19c@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20180605-0001"
},
{
"type": "WEB",
"url": "https://usn.ubuntu.com/4557-1"
},
{
"type": "WEB",
"url": "https://www.oracle.com//security-alerts/cpujul2021.html"
},
{
"type": "WEB",
"url": "https://www.oracle.com/security-alerts/cpuoct2021.html"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:0456"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2017:2247"
},
{
"type": "PACKAGE",
"url": "https://github.com/apache/tomcat"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009%40%3Cannounce.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/1872f96bad43647832bdd84a408794cd06d9cbb557af63085ca10009@%3Cannounce.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/343558d982879bf88ec20dbf707f8c11255f8e219e81d45c4f8d0551@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/37220405a377c0182d2afdbc36461c4783b2930fbeae3a17f1333113@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/388a323769f1dff84c9ec905455aa73fbcb20338e3c7eb131457f708@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/39ae1f0bd5867c15755a6f959b271ade1aea04ccdc3b2e639dcd903b@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/3d19773b4cf0377db62d1e9328bf9160bf1819f04f988315086931d7@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424%40%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread.html/845312a10aabbe2c499fca94003881d2c79fc993d85f34c1f5c77424@%3Cdev.tomcat.apache.org%3E"
},
{
"type": "WEB",
"url": "http://rhn.redhat.com/errata/RHSA-2017-0457.html"
},
{
"type": "WEB",
"url": "http://www.debian.org/security/2016/dsa-3720"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/93939"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037144"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Observable Discrepancy in Apache Tomcat"
}
GHSA-X2V7-W9J6-RQMX
Vulnerability from github – Published: 2025-03-28 03:30 – Updated: 2025-04-11 18:30String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string.
As stated in the documentation: "If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents)."
This is similar to CVE-2020-36829
{
"affected": [],
"aliases": [
"CVE-2024-13939"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-208"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2025-03-28T03:15:15Z",
"severity": "HIGH"
},
"details": "String::Compare::ConstantTime for Perl through 0.321 is vulnerable to timing attacks that allow an attacker to guess the length of a secret string.\n\nAs stated in the documentation: \"If the lengths of the strings are different, because equals returns false right away the size of the secret string may be leaked (but not its contents).\"\n\nThis is similar to\u00a0CVE-2020-36829",
"id": "GHSA-x2v7-w9j6-rqmx",
"modified": "2025-04-11T18:30:40Z",
"published": "2025-03-28T03:30:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-13939"
},
{
"type": "WEB",
"url": "https://metacpan.org/release/FRACTAL/String-Compare-ConstantTime-0.321/view/lib/String/Compare/ConstantTime.pm#TIMING-SIDE-CHANNEL"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X4GP-PQPJ-F43Q
Vulnerability from github – Published: 2024-06-18 21:56 – Updated: 2026-02-17 19:30Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek.
The Scalar29::sub (32-bit) and Scalar52::sub (64-bit) functions contained usage of a mask value inside a loop where LLVM saw an opportunity to insert a branch instruction (jns on x86) to conditionally bypass this code section when the mask value is set to zero as can be seen in godbolt:
- 32-bit (see L106): https://godbolt.org/z/zvaWxzvqv
- 64-bit (see L48): https://godbolt.org/z/PczYj7Pda
A similar problem was recently discovered in the Kyber reference implementation:
https://groups.google.com/a/list.nist.gov/g/pqc-forum/c/hqbtIGFKIpU/m/cnE3pbueBgAJ
As discussed on that thread, one portable solution, which is also used in this PR, is to introduce a volatile read as an optimization barrier, which prevents the compiler from optimizing it away.
The fix can be validated in godbolt here:
- 32-bit: https://godbolt.org/z/jc9j7eb8E
- 64-bit: https://godbolt.org/z/x8d46Yfah
The problem was discovered and the solution independently verified by Alexander Wagner alexander.wagner@aisec.fraunhofer.de and Lea Themint lea.thiemt@tum.de using their DATA tool:
https://github.com/Fraunhofer-AISEC/DATA
{
"affected": [
{
"package": {
"ecosystem": "crates.io",
"name": "curve25519-dalek"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "4.1.3"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-58262"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": true,
"github_reviewed_at": "2024-06-18T21:56:24Z",
"nvd_published_at": null,
"severity": "LOW"
},
"details": "Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in `curve25519-dalek`.\n\nThe `Scalar29::sub` (32-bit) and `Scalar52::sub` (64-bit) functions contained usage of a mask value inside a loop where LLVM saw an opportunity to insert a branch instruction (`jns` on x86) to conditionally bypass this code section when the mask value is set to zero as can be seen in godbolt:\n\n- 32-bit (see L106): https://godbolt.org/z/zvaWxzvqv\n- 64-bit (see L48): https://godbolt.org/z/PczYj7Pda\n\nA similar problem was recently discovered in the Kyber reference implementation:\n\nhttps://groups.google.com/a/list.nist.gov/g/pqc-forum/c/hqbtIGFKIpU/m/cnE3pbueBgAJ\n\nAs discussed on that thread, one portable solution, which is also used in this PR, is to introduce a volatile read as an optimization barrier, which prevents the compiler from optimizing it away.\n\nThe fix can be validated in godbolt here:\n\n- 32-bit: https://godbolt.org/z/jc9j7eb8E\n- 64-bit: https://godbolt.org/z/x8d46Yfah\n\nThe problem was discovered and the solution independently verified by Alexander Wagner \u003calexander.wagner@aisec.fraunhofer.de\u003e and Lea Themint \u003clea.thiemt@tum.de\u003e using their DATA tool:\n\nhttps://github.com/Fraunhofer-AISEC/DATA",
"id": "GHSA-x4gp-pqpj-f43q",
"modified": "2026-02-17T19:30:26Z",
"published": "2024-06-18T21:56:24Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-58262"
},
{
"type": "WEB",
"url": "https://github.com/dalek-cryptography/curve25519-dalek/pull/659"
},
{
"type": "WEB",
"url": "https://github.com/dalek-cryptography/curve25519-dalek/commit/415892acf1cdf9161bd6a4c99bc2f4cb8fae5e6a"
},
{
"type": "PACKAGE",
"url": "https://github.com/dalek-cryptography/curve25519-dalek"
},
{
"type": "WEB",
"url": "https://rustsec.org/advisories/RUSTSEC-2024-0344.html"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "curve25519-dalek has timing variability in `curve25519-dalek`\u0027s `Scalar29::sub`/`Scalar52::sub`"
}
GHSA-X4JV-R6HP-XC4H
Vulnerability from github – Published: 2022-05-13 01:21 – Updated: 2022-05-13 01:21Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.
{
"affected": [],
"aliases": [
"CVE-2019-10233"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2019-03-27T17:29:00Z",
"severity": "HIGH"
},
"details": "Teclib GLPI before 9.4.1.1 is affected by a timing attack associated with a cookie.",
"id": "GHSA-x4jv-r6hp-xc4h",
"modified": "2022-05-13T01:21:43Z",
"published": "2022-05-13T01:21:43Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10233"
},
{
"type": "WEB",
"url": "https://github.com/glpi-project/glpi/pull/5562"
},
{
"type": "WEB",
"url": "https://github.com/glpi-project/glpi/releases/tag/9.4.1.1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-X697-V25M-6PHV
Vulnerability from github – Published: 2024-01-16 12:30 – Updated: 2024-07-08 18:31A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.
{
"affected": [],
"aliases": [
"CVE-2024-0553"
],
"database_specific": {
"cwe_ids": [
"CWE-203",
"CWE-385"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-01-16T12:15:45Z",
"severity": "MODERATE"
},
"details": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.",
"id": "GHSA-x697-v25m-6phv",
"modified": "2024-07-08T18:31:15Z",
"published": "2024-01-16T12:30:26Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0553"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0533"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0627"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:0796"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1082"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1108"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:1383"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2024:2094"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2024-0553"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412"
},
{
"type": "WEB",
"url": "https://gitlab.com/gnutls/gnutls/-/issues/1522"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2"
},
{
"type": "WEB",
"url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
},
{
"type": "WEB",
"url": "https://security.netapp.com/advisory/ntap-20240202-0011"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2024/01/19/3"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X6WJ-2WRR-74P6
Vulnerability from github – Published: 2022-05-24 17:44 – Updated: 2022-07-31 00:00An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.
{
"affected": [],
"aliases": [
"CVE-2020-27170"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-03-20T22:15:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in the Linux kernel before 5.11.8. kernel/bpf/verifier.c performs undesirable out-of-bounds speculation on pointer arithmetic, leading to side-channel attacks that defeat Spectre mitigations and obtain sensitive information from kernel memory, aka CID-f232326f6966. This affects pointer types that do not define a ptr_limit.",
"id": "GHSA-x6wj-2wrr-74p6",
"modified": "2022-07-31T00:00:59Z",
"published": "2022-05-24T17:44:58Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-27170"
},
{
"type": "WEB",
"url": "https://cdn.kernel.org/pub/linux/kernel/v5.x/ChangeLog-5.11.8"
},
{
"type": "WEB",
"url": "https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f232326f6966cf2a1d1db7bc917a4ce5f9f55f76"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00035.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FB6LUXPEIRLZH32YXWZVEZAD4ZL6SDK2"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRTPQE73ANG7D6M4L4PK5ZQDPO4Y2FVD"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/T2S3I4SLRNRUQDOFYUS6IUAZMQNMPNLG"
},
{
"type": "WEB",
"url": "https://www.openwall.com/lists/oss-security/2021/03/19/2"
},
{
"type": "WEB",
"url": "http://packetstormsecurity.com/files/162117/Kernel-Live-Patch-Security-Notice-LSN-0075-1.html"
},
{
"type": "WEB",
"url": "http://www.openwall.com/lists/oss-security/2021/03/24/4"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-X74C-JX25-VJP6
Vulnerability from github – Published: 2022-04-30 18:19 – Updated: 2022-04-30 18:19IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.
{
"affected": [],
"aliases": [
"CVE-2002-0515"
],
"database_specific": {
"cwe_ids": [
"CWE-203"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2002-08-12T04:00:00Z",
"severity": "MODERATE"
},
"details": "IPFilter 3.4.25 and earlier sets a different TTL when a port is being filtered than when it is not being filtered, which allows remote attackers to identify filtered ports by comparing TTLs.",
"id": "GHSA-x74c-jx25-vjp6",
"modified": "2022-04-30T18:19:22Z",
"published": "2022-04-30T18:19:22Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2002-0515"
},
{
"type": "WEB",
"url": "http://www.iss.net/security_center/static/8738.php"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/archive/1/265188"
},
{
"type": "WEB",
"url": "http://www.securityfocus.com/bid/4403"
}
],
"schema_version": "1.4.0",
"severity": []
}
Mitigation MIT-46
Strategy: Separation of Privilege
- Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area.
- Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separation functionality. Architects and designers should rely on the principle of least privilege to decide the appropriate time to use privileges and the time to drop privileges.
Mitigation MIT-39
- Ensure that error messages only contain minimal details that are useful to the intended audience and no one else. The messages need to strike the balance between being too cryptic (which can confuse users) or being too detailed (which may reveal more than intended). The messages should not reveal the methods that were used to determine the error. Attackers can use detailed information to refine or optimize their original attack, thereby increasing their chances of success.
- If errors must be captured in some detail, record them in log messages, but consider what could occur if the log messages can be viewed by attackers. Highly sensitive information such as passwords should never be saved to log files.
- Avoid inconsistent messaging that might accidentally tip off an attacker about internal state, such as whether a user account exists or not.
CAPEC-189: Black Box Reverse Engineering
An adversary discovers the structure, function, and composition of a type of computer software through black box analysis techniques. 'Black Box' methods involve interacting with the software indirectly, in the absence of direct access to the executable object. Such analysis typically involves interacting with the software at the boundaries of where the software interfaces with a larger execution environment, such as input-output vectors, libraries, or APIs. Black Box Reverse Engineering also refers to gathering physical side effects of a hardware device, such as electromagnetic radiation or sounds.