Lucene search
Veracode Vulnerability DatabaseVERACODE:40059HistoryApr 06, 2023 - 10:50 a.m.
Timing Attack
2023-04-0610:50:10
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
74
timing attack
vulnerability
github.com/hashicorp/vault
mult
div
shamir.go
unseal operations
host
software
0.0004 Low
EPSS
Percentile
9.0%
github.com/hashicorp/vault is vulnerable to Timing Attacks. The vulnerability exists in mult and div functions of shamir.go because of not implementing a constant time which allows an attacker to observe a large number of unseal operations on the host.
References
discuss.hashicorp.com/t/hcsec-2023-10-vault-vulnerable-to-cache-timing-attacks-during-seal-and-unseal-operations/52078
github.com/hashicorp/vault/commit/ed08e45069d60fc4452fad7d44bcfd3b2e4c8236
github.com/hashicorp/vault/commit/ed08e45069d60fc4452fad7d44bcfd3b2e4c8236
github.com/hashicorp/vault/commit/ed08e45069d60fc4452fad7d44bcfd3b2e4c8236
security.netapp.com/advisory/ntap-20230526-0008/
Related
osv
osv
BIT-vault-2023-25000
2024-03-06 11:09:06
CVE-2023-25000
2023-03-30 01:15:07
prion
prion
Denial of service
2023-03-30 01:15:00
cve
cve
CVE-2023-25000
2023-03-30 01:15:07
cvelist
cvelist
redhatcve
redhatcve
CVE-2023-25000
2023-03-30 10:14:02
nvd
nvd
CVE-2023-25000
2023-03-30 01:15:07
wolfi
wolfi
CVE-2023-25000 vulnerabilities
2024-07-05 09:08:40
cgr
cgr
CVE-2023-25000 vulnerabilities
2024-05-19 03:07:16
github
github
ibm
ibm
redhat
redhat