Description
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Extended Description
In security-relevant contexts, even small variations in timing can be exploited by attackers to indirectly infer certain details about the product's internal operations. For example, in some cryptographic algorithms, attackers can use timing differences to infer certain properties about a private key, making the key easier to guess. Timing discrepancies effectively form a timing side channel.
CVE vulnerabilities with CWE-208 (147)
9.8
CVSS
CRITICAL
CVE-2023-41313
pub. 2024-03-12
9.8
CVSS
CRITICAL
CVE-2021-43298
pub. 2022-01-25
9.0
CVSS
CRITICAL
CVE-2026-41588
pub. 2026-05-08
8.9
CVSS
HIGH
CVE-2026-23519
pub. 2026-01-15
8.7
CVSS
HIGH
CVE-2024-47178
pub. 2024-09-30
8.6
CVSS
HIGH
CVE-2024-42512
pub. 2025-02-10
8.5
CVSS
HIGH
CVE-2025-53940
pub. 2025-07-24
8.2
CVSS
HIGH
CVE-2026-32935
pub. 2026-03-20
8.2
CVSS
HIGH
CVE-2026-28464
pub. 2026-03-05
8.2
CVSS
HIGH
CVE-2026-3337
pub. 2026-03-02
8.2
CVSS
HIGH
CVE-2024-31074
pub. 2024-11-13
8.1
CVSS
HIGH
CVE-2026-47783
pub. 2026-05-20
8.1
CVSS
HIGH
CVE-2026-47784
pub. 2026-05-20
8.1
CVSS
HIGH
CVE-2026-42602
pub. 2026-05-13
8.1
CVSS
HIGH
CVE-2024-29995
pub. 2024-08-13
8.0
CVSS
HIGH
CVE-2023-25529
pub. 2023-09-20
7.5
CVSS
HIGH
CVE-2026-47373
pub. 2026-05-20
7.5
CVSS
HIGH
CVE-2026-40972
pub. 2026-04-28
7.5
CVSS
HIGH
CVE-2026-5086
pub. 2026-04-13
7.5
CVSS
HIGH
CVE-2025-70949
pub. 2026-03-05
Showing 20 of 147 vulnerabilities