PT-2025-2037 · Openssl+10 · Openssl+10
Alicja Kario
+2
·
Published
2025-01-20
·
Updated
2026-04-27
·
CVE-2024-13176
CVSS v2.0
4.3
Medium
| Vector | AV:L/AC:L/Au:S/C:P/I:P/A:P |
Name of the Vulnerable Software and Affected Versions
OpenSSL (affected versions not specified)
Description
A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency. There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is
inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves, in particular the NIST P-521 curve. The severity of this vulnerability is Low.Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
DoS
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Almalinux
Astra Linux
Debian
Ibm Aix
Linuxmint
Mysql Server
Openssl
Red Hat
Red Os
Suse
Ubuntu