CVE-2024-2236 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
redhat	CNA	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 45%

Debian Releases

Debian Product

Codename

libgcrypt20

bullseye	unimportant
bookworm	unimportant
sid	unimportant
trixie	unimportant

Ubuntu Releases

Ubuntu Product

Codename

libgcrypt11

plucky	dne
oracular	dne
noble	dne
mantic	dne
jammy	dne
focal	dne
trusty	deferred

libgcrypt20

plucky	deferred
oracular	deferred
noble	deferred
mantic	ignored
jammy	deferred
focal	deferred
bionic	deferred
xenial	deferred

Common Weakness Enumeration

CWE-208 - Observable Timing Discrepancy
Two separate operations in a product require different amounts of time to complete, in a way that is observable to an actor and reveals security-relevant information about the state of the product, such as whether a particular operation was successful or not.

References

https://access.redhat.com/errata/RHSA-2024:9404

https://access.redhat.com/errata/RHSA-2025:3530

https://access.redhat.com/errata/RHSA-2025:3534

https://access.redhat.com/security/cve/CVE-2024-2236

https://bugzilla.redhat.com/show_bug.cgi?id=2245218

https://access.redhat.com/security/cve/CVE-2024-2236

https://bugzilla.redhat.com/show_bug.cgi?id=2245218

https://bugzilla.redhat.com/show_bug.cgi?id=2268268