Lucene search
Alpine Linux Development TeamALPINE:CVE-2024-23771HistoryJan 22, 2024 - 4:15 a.m.
CVE-2024-23771
2024-01-2204:15:07
Alpine Linux Development Team
security.alpinelinux.org
8
darkhttpd
authentication
vulnerability
remote attackers
timing side channel
unix
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
45.9%
darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | 3.19-main | noarch | darkhttpd | = 1.14-r1 | UNKNOWN |
| Alpine | 3.18-main | noarch | darkhttpd | = 1.14-r1 | UNKNOWN |
| Alpine | 3.17-main | noarch | darkhttpd | = 1.14-r0 | UNKNOWN |
| Alpine | 3.16-main | noarch | darkhttpd | = 1.14-r0 | UNKNOWN |
| Alpine | edge-main | noarch | darkhttpd | < 1.15-r0 | UNKNOWN |
| Alpine | 3.20-main | noarch | darkhttpd | < 1.15-r0 | UNKNOWN |
Related
veracode
veracode
Timing Side-Channel Attack
2024-01-30 16:42:20
prion
prion
Authentication flaw
2024-01-22 04:15:00
cvelist
cvelist
CVE-2024-23771
2024-01-22 00:00:00
osv
osv
CVE-2024-23771
2024-01-22 04:15:07
nvd
nvd
CVE-2024-23771
2024-01-22 04:15:07
cve
cve
CVE-2024-23771
2024-01-22 04:15:07
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
45.9%
Related for ALPINE:CVE-2024-23771