CWE-208

Observable Timing Discrepancy

Parent: CWE-203 - Observable Discrepancy

Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

137 vulnerabilities with CWE-208
CVE-2025-54499 LOW
Mattermost <10.5.10, <10.11.2 - Info Disclosure
CVSS 3.1
CVE-2025-9031 MEDIUM
DivvyDrive Web 4.8.2.2-4.8.2.14 - Observable Timing Discrepancy via Cross-Domain Search
CVSS 4.3
CVE-2025-59432 MEDIUM
scram-common < 3.2 - Timing Side-Channel Attack via Arrays.equals Comparison
CVE-2025-59350 MEDIUM
Dragonfly < 2.1.0 - Observable Timing Discrepancy in Proxy Access Control
CVSS 5.3
CVE-2025-59058 MEDIUM
httpsig-rs < 0.0.19 - Timing Attack via HMAC Signature Comparison
CVSS 5.9
CVE-2025-7383 MEDIUM
Oberon PSA Crypto <1.5.1 - Info Disclosure
CVE-2025-7071 MEDIUM
Oberon microsystem AG's ocrypto <3.9.2 - Info Disclosure
CVE-2025-43754 MEDIUM
Liferay Portal/DXP - Info Disclosure
CVSS 5.3
CVE-2025-20067 MEDIUM
Intel(R) CSME/SPS - Info Disclosure
CVSS 6.0
CVE-2025-8774 LOW
riscv-boom SonicBOOM <2.2.3 - Info Disclosure
CVSS 2.5
CVE-2025-53940 HIGH
Quiet <6.1.0-alpha.4 - Timing Attack
CVE-2025-48995 MEDIUM
SignXML < 4.0.4 - Observable Timing Discrepancy in HMAC Verification
CVE-2025-46570 LOW
vllm < 0.9.0 - Observable Timing Discrepancy in PageAttention Prefill
CVSS 2.6
CVE-2025-27936 MEDIUM
Mattermost Plugin MSTeams <2.1.0 & Mattermost Server 10.5.x <=10.5....
CVSS 5.3
CVE-2025-30344 MEDIUM
OpenSlides <4.2.5 - Info Disclosure
CVSS 5.3
CVE-2025-29780 MEDIUM
Post-Quantum Secure Feldman's Verifiable Secret Sharing <0.8.0b2 - ...
CVE-2025-0693 MEDIUM
AWS Sign-in < unknown - Info Disclosure
CVSS 5.3
CVE-2024-36469 LOW
Zabbix 5.0.0 through 5.0.46 - Information Disclosure via Login Timing
CVSS 3.1
CVE-2024-13939 HIGH
String::Compare::ConstantTime < 0.321 - Observable Timing Discrepancy
CVSS 7.5
CVE-2024-22340 MEDIUM
IBM Common Cryptographic Architecture <7.5.51 - Info Disclosure
CVSS 6.5
CVE-2024-54772 MEDIUM
MikroTik RouterOS <7.17.2 - Info Disclosure
CVSS 5.4
CVE-2024-42512 HIGH
OPC UA .NET Standard Stack <1.5.374.158 - Auth Bypass
CVSS 8.6
CVE-2024-23953 MEDIUM
Apache Hive 2.2.0-4.0.0 - Authenticated Observable Timing Discrepancy in LlapSignerImpl
CVSS 6.5
CVE-2024-56738 MEDIUM
GNU GRUB2 < 2.12 - Observable Timing Discrepancy in grub_crypto_memcmp
CVSS 5.3
CVE-2024-52307 MEDIUM
authentik < 2024.8.5 - Observable Timing Discrepancy in Metrics Endpoint
CVSS 5.6