VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-44qv-nzwp-b7ed

Essentials
Severities (91)
References (21)
Severity details (18)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-44qv-nzwp-b7ed
Aliases	CVE-2024-13176
Summary	openssl: Timing side-channel in ECDSA signature computation
Status	Published
Exploitability	0.5
Weighted Severity	4.2
Risk	2.1
Affected and Fixed Packages	Package Details

Weaknesses (1)

CWE-385

Covert Timing Channel

System	Score	Found at
cvssv3	4.7	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13176.json
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00024	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00029	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.0003	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.0003	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.0003	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.0003	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00033	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00045	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00064	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00075	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
epss	0.00113	https://api.first.org/data/v1/epss?cve=CVE-2024-13176
cvssv3.1	5.9	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	4.1	https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844
ssvc	Track	https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844
cvssv3.1	4.1	https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467
ssvc	Track	https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467
cvssv3.1	4.1	https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902
ssvc	Track	https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902
cvssv3.1	4.1	https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65
ssvc	Track	https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65
cvssv3.1	4.1	https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f
ssvc	Track	https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f
cvssv3.1	4.1	https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded
ssvc	Track	https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded
cvssv3.1	4.1	https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86
ssvc	Track	https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86
cvssv3.1	4.1	https://openssl-library.org/news/secadv/20250120.txt
ssvc	Track	https://openssl-library.org/news/secadv/20250120.txt

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13176.json
		https://api.first.org/data/v1/epss?cve=CVE-2024-13176
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-13176
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://lists.debian.org/debian-lts-announce/2025/05/msg00028.html
		https://security.netapp.com/advisory/ntap-20250124-0005/
		https://security.netapp.com/advisory/ntap-20250418-0010/
		http://www.openwall.com/lists/oss-security/2025/01/20/2
07272b05b04836a762b4baa874958af51d513844		https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844
0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded		https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded
1094027		https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1094027
20250120.txt		https://openssl-library.org/news/secadv/20250120.txt
2338999		https://bugzilla.redhat.com/show_bug.cgi?id=2338999
2af62e74fb59bc469506bc37eb2990ea408d9467		https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467
392dcb336405a0c94486aa6655057f59fd3a0902		https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902
4b1cb94a734a7d4ec363ac0a215a25c181e11f65		https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65
77c608f4c8857e63e98e66444e2e761c9627916f		https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f
a2639000db19878d5d89586ae7b725080592ae86		https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86
CVE-2024-13176		https://nvd.nist.gov/vuln/detail/CVE-2024-13176
USN-7264-1		https://usn.ubuntu.com/7264-1/
USN-7278-1		https://usn.ubuntu.com/7278-1/

No exploits are available.

Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13176.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/ Found at https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844

Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/ Found at https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467

Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/ Found at https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902

Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/ Found at https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65

Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/ Found at https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f

Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/ Found at https://github.openssl.org/openssl/extended-releases/commit/0d5fd1ab987f7571e2c955d8d8b638fc0fb54ded

Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/ Found at https://github.openssl.org/openssl/extended-releases/commit/a2639000db19878d5d89586ae7b725080592ae86

Vector: CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L Found at https://openssl-library.org/news/secadv/20250120.txt

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-27T20:21:21Z/ Found at https://openssl-library.org/news/secadv/20250120.txt

Exploit Prediction Scoring System (EPSS)

Percentile	0.05034
EPSS Score	0.00024
Published At	May 15, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-03-28T05:42:51.443629+00:00	RedHat Importer	Import	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-13176.json	36.0.0