Vulnerability details: VCID-1rk7-h5gt-9bc6
Vulnerability ID VCID-1rk7-h5gt-9bc6
Aliases CVE-2024-13176
Summary Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation. Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low. The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.
Status Published
Exploitability 0.5
Weighted Severity 4.2
Risk 2.1
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
cvssv3 4.7 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13176.json
epss 0.00071 https://api.first.org/data/v1/epss?cve=CVE-2024-13176
cvssv3.1 5.9 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 4.1 https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844
ssvc Track https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844
cvssv3.1 4.1 https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467
ssvc Track https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467
cvssv3.1 4.1 https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902
ssvc Track https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902
cvssv3.1 4.1 https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65
ssvc Track https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65
cvssv3.1 4.1 https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f
ssvc Track https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f
cvssv3.1 4.1 https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded
ssvc Track https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded
cvssv3.1 4.1 https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86
ssvc Track https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86
cvssv3.1 4.1 https://openssl-library.org/news/secadv/20250120.txt
ssvc Track https://openssl-library.org/news/secadv/20250120.txt
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13176.json
https://api.first.org/data/v1/epss?cve=CVE-2024-13176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html
https://security.netapp.com/advisory/ntap-20250124-0005/
https://security.netapp.com/advisory/ntap-20250418-0010/
http://www.openwall.com/lists/oss-security/2025/01/20/2
07272b05b04836a762b4baa874958af51d513844 https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844
0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded
1094027 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094027
20250120.txt https://openssl-library.org/news/secadv/20250120.txt
2338999 https://bugzilla.redhat.com/show_bug.cgi?id=2338999
2af62e74fb59bc469506bc37eb2990ea408d9467 https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467
392dcb336405a0c94486aa6655057f59fd3a0902 https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902
4b1cb94a734a7d4ec363ac0a215a25c181e11f65 https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65
77c608f4c8857e63e98e66444e2e761c9627916f https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f
a2639000db19878d5d89586ae7b725080592ae86 https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86
CVE-2024-13176 https://nvd.nist.gov/vuln/detail/CVE-2024-13176
USN-7264-1 https://usn.ubuntu.com/7264-1/
USN-7278-1 https://usn.ubuntu.com/7278-1/
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13176.json
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/ Found at https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/ Found at https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/ Found at https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/ Found at https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/ Found at https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/ Found at https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/ Found at https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86
Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://openssl-library.org/news/secadv/20250120.txt
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/ Found at https://openssl-library.org/news/secadv/20250120.txt
Exploit Prediction Scoring System (EPSS)
Percentile 0.22444
EPSS Score 0.00071
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:48:46.150419+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/7264-1/ 37.0.0