CVE-2024-13176

Source
https://cve.org/CVERecord?id=CVE-2024-13176
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-13176.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-13176
Downstream
Related
Published
2025-01-20T13:29:57.047Z
Modified
2026-07-14T17:20:36.562572Z
Severity
  • 4.1 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
Summary
Timing side-channel in ECDSA signature computation
Details

Issue summary: A timing side-channel which could potentially allow recovering the private key exists in the ECDSA signature computation.

Impact summary: A timing side-channel in ECDSA signature computations could allow recovering the private key by an attacker. However, measuring the timing would require either local access to the signing application or a very fast network connection with low latency.

There is a timing signal of around 300 nanoseconds when the top word of the inverted ECDSA nonce value is zero. This can happen with significant probability only for some of the supported elliptic curves. In particular the NIST P-521 curve is affected. To be able to measure this leak, the attacker process must either be located in the same physical computer or must have a very fast network connection with low latency. For that reason the severity of this vulnerability is Low.

The FIPS modules in 3.4, 3.3, 3.2, 3.1 and 3.0 are affected by this issue.

Database specific
{
    "cwe_ids": [
        "CWE-385"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/13xxx/CVE-2024-13176.json",
    "cna_assigner": "openssl"
}
References

Affected packages

Git / github.com/openssl/openssl

Affected ranges

Type
GIT
Repo
https://github.com/openssl/openssl
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "REFERENCES"
    ],
    "extracted_events": [
        {
            "introduced": "3.4.0"
        },
        {
            "fixed": "3.4.1"
        },
        {
            "introduced": "3.3.0"
        },
        {
            "fixed": "3.3.3"
        },
        {
            "introduced": "3.2.0"
        },
        {
            "fixed": "3.2.4"
        },
        {
            "introduced": "3.1.0"
        },
        {
            "fixed": "3.1.8"
        },
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.0.16"
        },
        {
            "introduced": "1.1.1"
        },
        {
            "fixed": "1.1.1zb"
        },
        {
            "introduced": "1.0.2"
        },
        {
            "fixed": "1.0.2zl"
        }
    ]
}

Affected versions

openssl-3.*
openssl-3.0.0
openssl-3.0.1
openssl-3.0.10
openssl-3.0.11
openssl-3.0.12
openssl-3.0.13
openssl-3.0.14
openssl-3.0.15
openssl-3.0.2
openssl-3.0.3
openssl-3.0.4
openssl-3.0.5
openssl-3.0.6
openssl-3.0.7
openssl-3.0.8
openssl-3.0.9
openssl-3.1.0
openssl-3.1.1
openssl-3.1.2
openssl-3.1.3
openssl-3.1.4
openssl-3.1.5
openssl-3.1.6
openssl-3.1.7
openssl-3.2.0
openssl-3.2.1
openssl-3.2.2
openssl-3.2.3
openssl-3.3.0
openssl-3.3.1
openssl-3.3.2
openssl-3.4.0

Database specific

source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-13176.json"
vanir_signatures_modified
"2026-07-14T17:20:36Z"
vanir_signatures
[
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65",
        "digest": {
            "line_hashes": [
                "127754948284799574646612715291914192370",
                "107633108841617456827974748623002941",
                "105128839132312456559305794417964519678",
                "220978175685594651981552750147750539139",
                "169600024918161393316340193772684852098",
                "117654638435679831764459313705877108896",
                "23928219980244535399498129546065066676",
                "293745726617568990317434370779477363519"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "crypto/ec/ec_lib.c"
        },
        "id": "CVE-2024-13176-02b65757"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65",
        "digest": {
            "length": 11318.0,
            "function_hash": "209975814518152852375258448294589197529"
        },
        "signature_version": "v1",
        "target": {
            "function": "BN_mod_exp_mont_consttime",
            "file": "crypto/bn/bn_exp.c"
        },
        "id": "CVE-2024-13176-1033742d"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65",
        "digest": {
            "line_hashes": [
                "173589800300154267675612065402467888493",
                "129405406525769322493076198728768900113",
                "136800792888609131789496600562783967119",
                "159174750777734389295701369864010049181",
                "158807332022056555706233351020895631932",
                "81659307983826938737211959800551987670",
                "65661878801926066286695416919387343632",
                "331146051454193067843509155410151830908",
                "106927928807750830570996030094648112881",
                "246702777271085149088970109591189963124",
                "13553649955201634036089378149381067019",
                "48764857157202029741626741483796973376",
                "50856018716436605684813922551136358229",
                "334002642869357515784447868384854133811",
                "63758175942037580590598196895455058189",
                "191064388880109290899961512230526792681",
                "25026424422371339317817700797451463299"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "crypto/bn/bn_exp.c"
        },
        "id": "CVE-2024-13176-17ac49d3"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902",
        "digest": {
            "length": 11318.0,
            "function_hash": "209975814518152852375258448294589197529"
        },
        "signature_version": "v1",
        "target": {
            "function": "BN_mod_exp_mont_consttime",
            "file": "crypto/bn/bn_exp.c"
        },
        "id": "CVE-2024-13176-23514e34"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902",
        "digest": {
            "line_hashes": [
                "173589800300154267675612065402467888493",
                "129405406525769322493076198728768900113",
                "136800792888609131789496600562783967119",
                "159174750777734389295701369864010049181",
                "158807332022056555706233351020895631932",
                "81659307983826938737211959800551987670",
                "65661878801926066286695416919387343632",
                "331146051454193067843509155410151830908",
                "106927928807750830570996030094648112881",
                "246702777271085149088970109591189963124",
                "13553649955201634036089378149381067019",
                "48764857157202029741626741483796973376",
                "50856018716436605684813922551136358229",
                "334002642869357515784447868384854133811",
                "63758175942037580590598196895455058189",
                "191064388880109290899961512230526792681",
                "25026424422371339317817700797451463299"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "crypto/bn/bn_exp.c"
        },
        "id": "CVE-2024-13176-2d5a8353"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467",
        "digest": {
            "line_hashes": [
                "251324203488872817167019601435108299733",
                "40806596891362736307168808995206433787",
                "112583956667954258596531188879431655895",
                "138582937579070891515807629355127583885"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "include/crypto/bn.h"
        },
        "id": "CVE-2024-13176-37feae62"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f",
        "digest": {
            "line_hashes": [
                "127754948284799574646612715291914192370",
                "107633108841617456827974748623002941",
                "105128839132312456559305794417964519678",
                "220978175685594651981552750147750539139",
                "169600024918161393316340193772684852098",
                "117654638435679831764459313705877108896",
                "23928219980244535399498129546065066676",
                "293745726617568990317434370779477363519"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "crypto/ec/ec_lib.c"
        },
        "id": "CVE-2024-13176-3e8d1eb9"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/4b1cb94a734a7d4ec363ac0a215a25c181e11f65",
        "digest": {
            "line_hashes": [
                "251324203488872817167019601435108299733",
                "40806596891362736307168808995206433787",
                "112583956667954258596531188879431655895",
                "138582937579070891515807629355127583885"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "include/crypto/bn.h"
        },
        "id": "CVE-2024-13176-3f42d259"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844",
        "digest": {
            "line_hashes": [
                "173589800300154267675612065402467888493",
                "129405406525769322493076198728768900113",
                "136800792888609131789496600562783967119",
                "159174750777734389295701369864010049181",
                "158807332022056555706233351020895631932",
                "81659307983826938737211959800551987670",
                "65661878801926066286695416919387343632",
                "331146051454193067843509155410151830908",
                "106927928807750830570996030094648112881",
                "246702777271085149088970109591189963124",
                "13553649955201634036089378149381067019",
                "48764857157202029741626741483796973376",
                "50856018716436605684813922551136358229",
                "334002642869357515784447868384854133811",
                "63758175942037580590598196895455058189",
                "191064388880109290899961512230526792681",
                "25026424422371339317817700797451463299"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "crypto/bn/bn_exp.c"
        },
        "id": "CVE-2024-13176-4140486d"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844",
        "digest": {
            "line_hashes": [
                "251324203488872817167019601435108299733",
                "40806596891362736307168808995206433787",
                "112583956667954258596531188879431655895",
                "138582937579070891515807629355127583885"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "include/crypto/bn.h"
        },
        "id": "CVE-2024-13176-48367449"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f",
        "digest": {
            "line_hashes": [
                "173589800300154267675612065402467888493",
                "129405406525769322493076198728768900113",
                "136800792888609131789496600562783967119",
                "159174750777734389295701369864010049181",
                "158807332022056555706233351020895631932",
                "81659307983826938737211959800551987670",
                "65661878801926066286695416919387343632",
                "331146051454193067843509155410151830908",
                "106927928807750830570996030094648112881",
                "246702777271085149088970109591189963124",
                "13553649955201634036089378149381067019",
                "48764857157202029741626741483796973376",
                "50856018716436605684813922551136358229",
                "334002642869357515784447868384854133811",
                "63758175942037580590598196895455058189",
                "191064388880109290899961512230526792681",
                "25026424422371339317817700797451463299"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "crypto/bn/bn_exp.c"
        },
        "id": "CVE-2024-13176-619982cd"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f",
        "digest": {
            "line_hashes": [
                "251324203488872817167019601435108299733",
                "40806596891362736307168808995206433787",
                "112583956667954258596531188879431655895",
                "138582937579070891515807629355127583885"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "include/crypto/bn.h"
        },
        "id": "CVE-2024-13176-75a092d4"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902",
        "digest": {
            "line_hashes": [
                "251324203488872817167019601435108299733",
                "40806596891362736307168808995206433787",
                "112583956667954258596531188879431655895",
                "138582937579070891515807629355127583885"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "include/crypto/bn.h"
        },
        "id": "CVE-2024-13176-948094f9"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/77c608f4c8857e63e98e66444e2e761c9627916f",
        "digest": {
            "length": 11318.0,
            "function_hash": "209975814518152852375258448294589197529"
        },
        "signature_version": "v1",
        "target": {
            "function": "BN_mod_exp_mont_consttime",
            "file": "crypto/bn/bn_exp.c"
        },
        "id": "CVE-2024-13176-952fba80"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844",
        "digest": {
            "length": 11318.0,
            "function_hash": "209975814518152852375258448294589197529"
        },
        "signature_version": "v1",
        "target": {
            "function": "BN_mod_exp_mont_consttime",
            "file": "crypto/bn/bn_exp.c"
        },
        "id": "CVE-2024-13176-9eef3609"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/07272b05b04836a762b4baa874958af51d513844",
        "digest": {
            "line_hashes": [
                "332405531834258800453855045674511600246",
                "158343597431739389122396850815921490520",
                "3701881040623673446980161294049765680",
                "220978175685594651981552750147750539139",
                "169600024918161393316340193772684852098",
                "117654638435679831764459313705877108896",
                "23928219980244535399498129546065066676",
                "293745726617568990317434370779477363519"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "crypto/ec/ec_lib.c"
        },
        "id": "CVE-2024-13176-b885df34"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/e04bd3433fd84e1861bf258ea37928d9845e6a86",
        "digest": {
            "line_hashes": [
                "28170854778703993674264004058177114599",
                "73132526844288570625317440636111911761",
                "177405411499435185068645597737938634778",
                "224809958623850711330610094965797758930",
                "295554444428855106393106961197201359586"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "include/openssl/opensslv.h"
        },
        "id": "CVE-2024-13176-c377fa22"
    },
    {
        "deprecated": false,
        "signature_type": "Function",
        "source": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467",
        "digest": {
            "length": 11318.0,
            "function_hash": "209975814518152852375258448294589197529"
        },
        "signature_version": "v1",
        "target": {
            "function": "BN_mod_exp_mont_consttime",
            "file": "crypto/bn/bn_exp.c"
        },
        "id": "CVE-2024-13176-cd7ba068"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467",
        "digest": {
            "line_hashes": [
                "173589800300154267675612065402467888493",
                "129405406525769322493076198728768900113",
                "136800792888609131789496600562783967119",
                "159174750777734389295701369864010049181",
                "158807332022056555706233351020895631932",
                "81659307983826938737211959800551987670",
                "65661878801926066286695416919387343632",
                "331146051454193067843509155410151830908",
                "106927928807750830570996030094648112881",
                "246702777271085149088970109591189963124",
                "13553649955201634036089378149381067019",
                "48764857157202029741626741483796973376",
                "50856018716436605684813922551136358229",
                "334002642869357515784447868384854133811",
                "63758175942037580590598196895455058189",
                "191064388880109290899961512230526792681",
                "25026424422371339317817700797451463299"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "crypto/bn/bn_exp.c"
        },
        "id": "CVE-2024-13176-d57277e7"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/e818b74be2170fbe957a07b0da4401c2b694b3b8",
        "digest": {
            "line_hashes": [
                "251633914150035957322733061977107206211",
                "338514574181828579838011565939158652696",
                "76638288692106140328510055542557597351",
                "142922657400765574308962710386922248045",
                "71649992455794854055653842592139575350",
                "65527166711110472566013424527579064967",
                "253196866009476977787139000804413898733",
                "172177136897997206866313011107384691461"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "crypto/opensslv.h"
        },
        "id": "CVE-2024-13176-e051451f"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/392dcb336405a0c94486aa6655057f59fd3a0902",
        "digest": {
            "line_hashes": [
                "127754948284799574646612715291914192370",
                "107633108841617456827974748623002941",
                "105128839132312456559305794417964519678",
                "220978175685594651981552750147750539139",
                "169600024918161393316340193772684852098",
                "117654638435679831764459313705877108896",
                "23928219980244535399498129546065066676",
                "293745726617568990317434370779477363519"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "crypto/ec/ec_lib.c"
        },
        "id": "CVE-2024-13176-f39a6b13"
    },
    {
        "deprecated": false,
        "signature_type": "Line",
        "source": "https://github.com/openssl/openssl/commit/2af62e74fb59bc469506bc37eb2990ea408d9467",
        "digest": {
            "line_hashes": [
                "332405531834258800453855045674511600246",
                "158343597431739389122396850815921490520",
                "3701881040623673446980161294049765680",
                "220978175685594651981552750147750539139",
                "169600024918161393316340193772684852098",
                "117654638435679831764459313705877108896",
                "23928219980244535399498129546065066676",
                "293745726617568990317434370779477363519"
            ],
            "threshold": 0.9
        },
        "signature_version": "v1",
        "target": {
            "file": "crypto/ec/ec_lib.c"
        },
        "id": "CVE-2024-13176-fe59c5b4"
    }
]