CWE-208: Observable Timing Discrepancy
low-risk
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.
Abstraction: Base
Common Consequences
Confidentiality → Read Application Data
Real-World Examples (10)
| CVE | CVSS | EPSS | KEV |
|---|---|---|---|
| CVE-2024-29995 | 8.1 | 6.1% | — |
| CVE-2024-54772 | 5.4 | 2.0% | — |
| CVE-2024-23953 | 6.5 | 1.5% | — |
| CVE-2019-9494 | 5.9 | 1.4% | — |
| CVE-2019-16782 | 6.3 | 1.3% | — |
| CVE-2023-5981 | 5.9 | 0.9% | — |
| CVE-2022-31142 | 7.5 | 0.7% | — |
| CVE-2024-23342 | 7.4 | 0.6% | — |
| CVE-2020-1926 | 5.9 | 0.5% | — |
| CVE-2024-36405 | 5.9 | 0.5% | — |
0 / 100 · low-risk
Active Threat: 0/50 · Minimal
Exploit Availability: 0/50 · Minimal