CVE-2024-37880

HIGH Year: 2024
CVSS v3 Score
7.5
High
Weakness Type
CWE-203
View all →

Vulnerability Description

The Kyber reference implementation before 9b8d306, when compiled by LLVM Clang through 18.x with some common optimization options, has a timing side channel that allows attackers to recover an ML-KEM 512 secret key in minutes. This occurs because poly_frommsg in poly.c does not prevent Clang from emitting a vulnerable secret-dependent branch.

Related Vulnerabilities

CVE-2016-6489

HIGH
CVSS:7.5(High)

The RSA and DSA decryption code in Nettle makes it easier for attackers to discover private keys via a cache side channel attack.

CWE-2032016

CVE-2017-9735

HIGH
CVSS:7.5(High)

Jetty through 9.4.x is prone to a timing channel in util/security/Password.java, which makes it easier for remote attackers to obtain access by observing elapsed times before rejection of incorrect pa...

CWE-2032017

CVE-2018-9364

HIGH
CVSS:7.5(High)

In the LG LAF component, there is a special command that allowed modification of certain partitions. This could lead to bypass of secure boot. User interaction is not needed for exploitation.

CWE-2032018

CVE-2019-10114

HIGH
CVSS:7.5(High)

An Information Exposure issue (issue 2 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. During the OAuth authentication pr...

CWE-2032019

CVE-2019-18850

HIGH
CVSS:7.5(High)

TrevorC2 v1.1/v1.2 fails to prevent fingerprinting primarily via a discrepancy between response headers when responding to different HTTP methods, also via predictible responses when accessing and int...

CWE-2032019