Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation.
Impact summary: A timing side-channel in ECDSA signature computations could allow an attacker to recover the private key. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency.
There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves; in particular, the NIST P-521 curve is affected. To measure this leak, the attacker's process must either run on the same physical computer as the signing application or have a very fast, low-latency network connection to it. For that reason the severity of this vulnerability is Low.
The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.
[
{
"source": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65",
"target": {
"file": "crypto/ec/ec_lib.c"
},
"deprecated": false,
"id": "CVE-2024-13176-02b65757",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"127754948284799574646612715291914192370",
"107633108841617456827974748623002941",
"105128839132312456559305794417964519678",
"220978175685594651981552750147750539139",
"169600024918161393316340193772684852098",
"117654638435679831764459313705877108896",
"23928219980244535399498129546065066676",
"293745726617568990317434370779477363519"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65",
"target": {
"function": "BN_mod_exp_mont_consttime",
"file": "crypto/bn/bn_exp.c"
},
"deprecated": false,
"id": "CVE-2024-13176-1033742d",
"signature_version": "v1",
"digest": {
"length": 11318.0,
"function_hash": "209975814518152852375258448294589197529"
},
"signature_type": "Function"
},
{
"source": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65",
"target": {
"file": "crypto/bn/bn_exp.c"
},
"deprecated": false,
"id": "CVE-2024-13176-17ac49d3",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"173589800300154267675612065402467888493",
"129405406525769322493076198728768900113",
"136800792888609131789496600562783967119",
"159174750777734389295701369864010049181",
"158807332022056555706233351020895631932",
"81659307983826938737211959800551987670",
"65661878801926066286695416919387343632",
"331146051454193067843509155410151830908",
"106927928807750830570996030094648112881",
"246702777271085149088970109591189963124",
"13553649955201634036089378149381067019",
"48764857157202029741626741483796973376",
"50856018716436605684813922551136358229",
"334002642869357515784447868384854133811",
"63758175942037580590598196895455058189",
"191064388880109290899961512230526792681",
"25026424422371339317817700797451463299"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902",
"target": {
"function": "BN_mod_exp_mont_consttime",
"file": "crypto/bn/bn_exp.c"
},
"deprecated": false,
"id": "CVE-2024-13176-23514e34",
"signature_version": "v1",
"digest": {
"length": 11318.0,
"function_hash": "209975814518152852375258448294589197529"
},
"signature_type": "Function"
},
{
"source": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902",
"target": {
"file": "crypto/bn/bn_exp.c"
},
"deprecated": false,
"id": "CVE-2024-13176-2d5a8353",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"173589800300154267675612065402467888493",
"129405406525769322493076198728768900113",
"136800792888609131789496600562783967119",
"159174750777734389295701369864010049181",
"158807332022056555706233351020895631932",
"81659307983826938737211959800551987670",
"65661878801926066286695416919387343632",
"331146051454193067843509155410151830908",
"106927928807750830570996030094648112881",
"246702777271085149088970109591189963124",
"13553649955201634036089378149381067019",
"48764857157202029741626741483796973376",
"50856018716436605684813922551136358229",
"334002642869357515784447868384854133811",
"63758175942037580590598196895455058189",
"191064388880109290899961512230526792681",
"25026424422371339317817700797451463299"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467",
"target": {
"file": "include/crypto/bn.h"
},
"deprecated": false,
"id": "CVE-2024-13176-37feae62",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"251324203488872817167019601435108299733",
"40806596891362736307168808995206433787",
"112583956667954258596531188879431655895",
"138582937579070891515807629355127583885"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f",
"target": {
"file": "crypto/ec/ec_lib.c"
},
"deprecated": false,
"id": "CVE-2024-13176-3e8d1eb9",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"127754948284799574646612715291914192370",
"107633108841617456827974748623002941",
"105128839132312456559305794417964519678",
"220978175685594651981552750147750539139",
"169600024918161393316340193772684852098",
"117654638435679831764459313705877108896",
"23928219980244535399498129546065066676",
"293745726617568990317434370779477363519"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65",
"target": {
"file": "include/crypto/bn.h"
},
"deprecated": false,
"id": "CVE-2024-13176-3f42d259",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"251324203488872817167019601435108299733",
"40806596891362736307168808995206433787",
"112583956667954258596531188879431655895",
"138582937579070891515807629355127583885"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844",
"target": {
"file": "crypto/bn/bn_exp.c"
},
"deprecated": false,
"id": "CVE-2024-13176-4140486d",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"173589800300154267675612065402467888493",
"129405406525769322493076198728768900113",
"136800792888609131789496600562783967119",
"159174750777734389295701369864010049181",
"158807332022056555706233351020895631932",
"81659307983826938737211959800551987670",
"65661878801926066286695416919387343632",
"331146051454193067843509155410151830908",
"106927928807750830570996030094648112881",
"246702777271085149088970109591189963124",
"13553649955201634036089378149381067019",
"48764857157202029741626741483796973376",
"50856018716436605684813922551136358229",
"334002642869357515784447868384854133811",
"63758175942037580590598196895455058189",
"191064388880109290899961512230526792681",
"25026424422371339317817700797451463299"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844",
"target": {
"file": "include/crypto/bn.h"
},
"deprecated": false,
"id": "CVE-2024-13176-48367449",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"251324203488872817167019601435108299733",
"40806596891362736307168808995206433787",
"112583956667954258596531188879431655895",
"138582937579070891515807629355127583885"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f",
"target": {
"file": "crypto/bn/bn_exp.c"
},
"deprecated": false,
"id": "CVE-2024-13176-619982cd",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"173589800300154267675612065402467888493",
"129405406525769322493076198728768900113",
"136800792888609131789496600562783967119",
"159174750777734389295701369864010049181",
"158807332022056555706233351020895631932",
"81659307983826938737211959800551987670",
"65661878801926066286695416919387343632",
"331146051454193067843509155410151830908",
"106927928807750830570996030094648112881",
"246702777271085149088970109591189963124",
"13553649955201634036089378149381067019",
"48764857157202029741626741483796973376",
"50856018716436605684813922551136358229",
"334002642869357515784447868384854133811",
"63758175942037580590598196895455058189",
"191064388880109290899961512230526792681",
"25026424422371339317817700797451463299"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f",
"target": {
"file": "include/crypto/bn.h"
},
"deprecated": false,
"id": "CVE-2024-13176-75a092d4",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"251324203488872817167019601435108299733",
"40806596891362736307168808995206433787",
"112583956667954258596531188879431655895",
"138582937579070891515807629355127583885"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902",
"target": {
"file": "include/crypto/bn.h"
},
"deprecated": false,
"id": "CVE-2024-13176-948094f9",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"251324203488872817167019601435108299733",
"40806596891362736307168808995206433787",
"112583956667954258596531188879431655895",
"138582937579070891515807629355127583885"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f",
"target": {
"function": "BN_mod_exp_mont_consttime",
"file": "crypto/bn/bn_exp.c"
},
"deprecated": false,
"id": "CVE-2024-13176-952fba80",
"signature_version": "v1",
"digest": {
"length": 11318.0,
"function_hash": "209975814518152852375258448294589197529"
},
"signature_type": "Function"
},
{
"source": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844",
"target": {
"function": "BN_mod_exp_mont_consttime",
"file": "crypto/bn/bn_exp.c"
},
"deprecated": false,
"id": "CVE-2024-13176-9eef3609",
"signature_version": "v1",
"digest": {
"length": 11318.0,
"function_hash": "209975814518152852375258448294589197529"
},
"signature_type": "Function"
},
{
"source": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844",
"target": {
"file": "crypto/ec/ec_lib.c"
},
"deprecated": false,
"id": "CVE-2024-13176-b885df34",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"332405531834258800453855045674511600246",
"158343597431739389122396850815921490520",
"3701881040623673446980161294049765680",
"220978175685594651981552750147750539139",
"169600024918161393316340193772684852098",
"117654638435679831764459313705877108896",
"23928219980244535399498129546065066676",
"293745726617568990317434370779477363519"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467",
"target": {
"function": "BN_mod_exp_mont_consttime",
"file": "crypto/bn/bn_exp.c"
},
"deprecated": false,
"id": "CVE-2024-13176-cd7ba068",
"signature_version": "v1",
"digest": {
"length": 11318.0,
"function_hash": "209975814518152852375258448294589197529"
},
"signature_type": "Function"
},
{
"source": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467",
"target": {
"file": "crypto/bn/bn_exp.c"
},
"deprecated": false,
"id": "CVE-2024-13176-d57277e7",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"173589800300154267675612065402467888493",
"129405406525769322493076198728768900113",
"136800792888609131789496600562783967119",
"159174750777734389295701369864010049181",
"158807332022056555706233351020895631932",
"81659307983826938737211959800551987670",
"65661878801926066286695416919387343632",
"331146051454193067843509155410151830908",
"106927928807750830570996030094648112881",
"246702777271085149088970109591189963124",
"13553649955201634036089378149381067019",
"48764857157202029741626741483796973376",
"50856018716436605684813922551136358229",
"334002642869357515784447868384854133811",
"63758175942037580590598196895455058189",
"191064388880109290899961512230526792681",
"25026424422371339317817700797451463299"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902",
"target": {
"file": "crypto/ec/ec_lib.c"
},
"deprecated": false,
"id": "CVE-2024-13176-f39a6b13",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"127754948284799574646612715291914192370",
"107633108841617456827974748623002941",
"105128839132312456559305794417964519678",
"220978175685594651981552750147750539139",
"169600024918161393316340193772684852098",
"117654638435679831764459313705877108896",
"23928219980244535399498129546065066676",
"293745726617568990317434370779477363519"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467",
"target": {
"file": "crypto/ec/ec_lib.c"
},
"deprecated": false,
"id": "CVE-2024-13176-fe59c5b4",
"signature_version": "v1",
"digest": {
"threshold": 0.9,
"line_hashes": [
"332405531834258800453855045674511600246",
"158343597431739389122396850815921490520",
"3701881040623673446980161294049765680",
"220978175685594651981552750147750539139",
"169600024918161393316340193772684852098",
"117654638435679831764459313705877108896",
"23928219980244535399498129546065066676",
"293745726617568990317434370779477363519"
]
},
"signature_type": "Line"
}
]