Common Weakness Enumeration

CWE-385

Allowed

Covert Timing Channel

Abstraction: Base · Status: Incomplete

Covert timing channels convey information by modulating some aspect of system behavior over time, so that the program receiving the information can observe system behavior and infer protected information.

76 vulnerabilities reference this CWE, most recent first.

GHSA-WR9H-G72X-MWHM

Vulnerability from github – Published: 2025-10-07 17:24 – Updated: 2025-10-07 17:24
VLAI
Summary
vLLM is vulnerable to timing attack at bearer auth
Details

Summary

The API key support in vLLM performed validation using a method that was vulnerable to a timing attack. This could potentially allow an attacker to discover a valid API key using an approach more efficient than brute force.

Details

https://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274

API key validation used a string comparison that will take longer the more characters the provided API key gets correct. Data analysis across many attempts can allow an attacker to determine when it finds the next correct character in the key sequence.

Impact

Deployments relying on vLLM's built-in API key validation are vulnerable to authentication bypass using this technique.

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "vllm"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "0.11.0"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-59425"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-385"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-10-07T17:24:47Z",
    "nvd_published_at": "2025-10-07T14:15:38Z",
    "severity": "HIGH"
  },
  "details": "### Summary\nThe API key support in vLLM performed validation using a method that was vulnerable to a timing attack. This could potentially allow an attacker to discover a valid API key using an approach more efficient than brute force.\n\n### Details\nhttps://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274\n\nAPI key validation used a string comparison that will take longer the more characters the provided API key gets correct. Data analysis across many attempts can allow an attacker to determine when it finds the next correct character in the key sequence.\n \n### Impact\nDeployments relying on vLLM\u0027s built-in API key validation are vulnerable to authentication bypass using this technique.",
  "id": "GHSA-wr9h-g72x-mwhm",
  "modified": "2025-10-07T17:24:47Z",
  "published": "2025-10-07T17:24:47Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/security/advisories/GHSA-wr9h-g72x-mwhm"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-59425"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/commit/ee10d7e6ff5875386c7f136ce8b5f525c8fcef48"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/vllm-project/vllm"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/blob/4b946d693e0af15740e9ca9c0e059d5f333b1083/vllm/entrypoints/openai/api_server.py#L1270-L1274"
    },
    {
      "type": "WEB",
      "url": "https://github.com/vllm-project/vllm/releases/tag/v0.11.0"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "vLLM is vulnerable to timing attack at bearer auth"
}

GHSA-WWRV-F6V4-M66R

Vulnerability from github – Published: 2024-03-26 15:30 – Updated: 2024-03-26 15:30
VLAI
Details

Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior. This could allow a remote attacker to obtain sensitive information using a timing-based attack. IBM X-Force ID: 257676.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-33855"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-385"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-03-26T14:15:07Z",
    "severity": "LOW"
  },
  "details": "Under certain conditions, RSA operations performed by IBM Common Cryptographic Architecture (CCA) 7.0.0 through 7.5.36 may exhibit non-constant-time behavior.  This could allow a remote attacker to obtain sensitive information using a timing-based attack.  IBM X-Force ID:  257676.",
  "id": "GHSA-wwrv-f6v4-m66r",
  "modified": "2024-03-26T15:30:50Z",
  "published": "2024-03-26T15:30:50Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-33855"
    },
    {
      "type": "WEB",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/257676"
    },
    {
      "type": "WEB",
      "url": "https://www.ibm.com/support/pages/node/7145168"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X697-V25M-6PHV

Vulnerability from github – Published: 2024-01-16 12:30 – Updated: 2024-07-08 18:31
VLAI
Details

A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-0553"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-203",
      "CWE-385"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-01-16T12:15:45Z",
    "severity": "MODERATE"
  },
  "details": "A vulnerability was found in GnuTLS. The response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding. This issue may allow a remote attacker to perform a timing side-channel attack in the RSA-PSK key exchange, potentially leading to the leakage of sensitive data. CVE-2024-0553 is designated as an incomplete resolution for CVE-2023-5981.",
  "id": "GHSA-x697-v25m-6phv",
  "modified": "2024-07-08T18:31:15Z",
  "published": "2024-01-16T12:30:26Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-0553"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:0533"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:0627"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:0796"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1082"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1108"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:1383"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2024:2094"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2024-0553"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2258412"
    },
    {
      "type": "WEB",
      "url": "https://gitlab.com/gnutls/gnutls/-/issues/1522"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00010.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7ZEIOLORQ7N6WRPFXZSYDL2MC4LP7VFV"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/GNXKVR5YNUEBNHAHM5GSYKBZX4W2HMN2"
    },
    {
      "type": "WEB",
      "url": "https://lists.gnupg.org/pipermail/gnutls-help/2024-January/004841.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20240202-0011"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2024/01/19/3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-X8QH-8J65-V4J9

Vulnerability from github – Published: 2024-05-14 15:32 – Updated: 2025-11-03 21:31
VLAI
Details

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2024-26306"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-385"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-05-14T15:08:51Z",
    "severity": "MODERATE"
  },
  "details": "iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario.",
  "id": "GHSA-x8qh-8j65-v4j9",
  "modified": "2025-11-03T21:31:04Z",
  "published": "2024-05-14T15:32:52Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-26306"
    },
    {
      "type": "WEB",
      "url": "https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc"
    },
    {
      "type": "WEB",
      "url": "https://github.com/esnet/iperf/releases/tag/3.17"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00027.html"
    },
    {
      "type": "WEB",
      "url": "https://security.netapp.com/advisory/ntap-20250228-0007"
    },
    {
      "type": "WEB",
      "url": "https://www.insyde.com/security-pledge/SA-2024005"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XFGW-QCMV-354J

Vulnerability from github – Published: 2024-09-07 18:30 – Updated: 2025-11-04 21:31
VLAI
Details

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.

Show details on source website

{
  "affected": [],
  "aliases": [
    "CVE-2023-46809"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-385"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-09-07T16:15:02Z",
    "severity": "HIGH"
  },
  "details": "Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com/~hkario/marvin/, if PCKS #1 v1.5 padding is allowed when performing RSA descryption using a private key.",
  "id": "GHSA-xfgw-qcmv-354j",
  "modified": "2025-11-04T21:31:29Z",
  "published": "2024-09-07T18:30:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-46809"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/03/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "https://lists.debian.org/debian-lts-announce/2024/09/msg00029.html"
    },
    {
      "type": "WEB",
      "url": "https://nodejs.org/en/blog/vulnerability/february-2024-security-releases"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GHSA-XRX6-FMXQ-RJJ2

Vulnerability from github – Published: 2021-04-30 17:35 – Updated: 2024-10-26 22:33
VLAI
Summary
Timing attacks in python-rsa
Details

It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA

Show details on source website

{
  "affected": [
    {
      "package": {
        "ecosystem": "PyPI",
        "name": "rsa"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "2.1"
            },
            {
              "fixed": "4.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2020-25658"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-327",
      "CWE-385"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-04-20T17:11:41Z",
    "nvd_published_at": "2020-11-12T14:15:00Z",
    "severity": "HIGH"
  },
  "details": "It was found that python-rsa is vulnerable to Bleichenbacher timing attacks. An attacker can use this flaw via the RSA decryption API to decrypt parts of the cipher text encrypted with RSA",
  "id": "GHSA-xrx6-fmxq-rjj2",
  "modified": "2024-10-26T22:33:21Z",
  "published": "2021-04-30T17:35:15Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25658"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sybrenstuvel/python-rsa/issues/165"
    },
    {
      "type": "WEB",
      "url": "https://github.com/sybrenstuvel/python-rsa/commit/dae8ce0d85478e16f2368b2341632775313d41ed"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/security/cve/CVE-2020-25658"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889972"
    },
    {
      "type": "WEB",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-25658"
    },
    {
      "type": "ADVISORY",
      "url": "https://github.com/advisories/GHSA-xrx6-fmxq-rjj2"
    },
    {
      "type": "WEB",
      "url": "https://github.com/pypa/advisory-database/tree/main/vulns/rsa/PYSEC-2020-100.yaml"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/sybrenstuvel/python-rsa"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2022:1716"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2021:0637"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2SAF67KDGSOHLVFTRDOHNEAFDRSSYIWA"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/APF364QJ2IYLPDNVFBOEJ24QP2WLVLJP"
    },
    {
      "type": "WEB",
      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QY4PJWTYSOV7ZEYZVMYIF6XRU73CY6O7"
    },
    {
      "type": "WEB",
      "url": "https://access.redhat.com/errata/RHSA-2020:5634"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Timing attacks in python-rsa"
}

Mitigation
Architecture and Design

Whenever possible, specify implementation strategies that do not introduce time variances in operations.

Mitigation
Implementation

Often one can artificially manipulate the time which operations take or -- when operations occur -- can remove information from the attacker.

Mitigation
Implementation

It is reasonable to add artificial or random delays so that the amount of CPU time consumed is independent of the action being taken by the application.

CAPEC-462: Cross-Domain Search Timing

An attacker initiates cross domain HTTP / GET requests and times the server responses. The timing of these responses may leak important information on what is happening on the server. Browser's same origin policy prevents the attacker from directly reading the server responses (in the absence of any other weaknesses), but does not prevent the attacker from timing the responses to requests that the attacker issued cross domain.