CWE-208 - Information Exposure Through Timing Discrepancy

Description

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

Latest vulnerabilities for CWE-208

Multiple vulnerabilities in Dell Networking OS10 2024-04-23
High Yes

Information exposure through timing discrepancy in IBM Power System 2024-04-22
Medium Yes

Multiple vulnerabilities in Oracle StorageTek Tape Analytics (STA) 2024-04-17
High Yes

Multiple vulnerabilities in Juniper Networks Junos cRPD 2024-04-15
High Yes

Multiple vulnerabilities in Juniper Cloud Native Router 2024-04-15
High Yes

Multiple vulnerabilities in Siemens Telecontrol Server Basic 2024-04-15
High Yes

Multiple vulnerabilities in IBM QRadar SIEM 2024-04-12
High Yes

Multiple vulnerabilities in IBM QRadar SIEM 2024-04-02
High Yes

Multiple vulnerabilities in IBM Observability with Instana 2024-04-01
Medium Yes

Timing side-channel attack in libgcrypt 2024-03-11
Medium No

References

Description of CWE-208 on Mitre website