How severe is CVE-2017-2624?

This vulnerability has a severity rating of HIGH with a CVSS score of 7 out of 10.

What type of vulnerability is CVE-2017-2624?

This is classified as CWE-385, which is a common weakness in software security.

CVE-2017-2624

HIGH Year: 2017

CVSS v3 Score

7.0

High

CVSS v2 Score

1.9

Low

Weakness Type

CWE-385

View all →

Vulnerability Description

It was found that xorg-x11-server before 1.19.0 including uses memcmp() to check the received MIT cookie against a series of valid cookies. If the cookie is correct, it is allowed to attach to the Xorg session. Since most memcmp() implementations return after an invalid byte is seen, this causes a time difference between a valid and invalid byte, which could allow an efficient brute force attack.

CVE-2023-46809

HIGH

CVSS:7.4(High)

Node.js versions which bundle an unpatched version of OpenSSL or run against a dynamically linked version of OpenSSL which are unpatched are vulnerable to the Marvin Attack - https://people.redhat.com...

CWE-3852023

CVE-2025-0306

HIGH

CVSS:7.4(High)

A vulnerability was found in Ruby. The Ruby interpreter is vulnerable to the Marvin Attack. This attack allows the attacker to decrypt previously encrypted messages or forge signatures by exchanging a...

CWE-3852025

CVE-2022-24409

HIGH

CVSS:7.5(High)

Dell BSAFE SSL-J contains remediation for a covert timing channel vulnerability that may be exploited by malicious users to compromise the affected system. Only customers with active BSAFE maintenance...

CWE-3852022

CVE-2024-25964

HIGH

CVSS:7.5(High)

Dell PowerScale OneFS 9.5.0.x through 9.7.0.x contain a covert timing channel vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to denial of servic...

CWE-3852024

CVE-2018-10844

MEDIUM

CVSS:5.9(Medium)

It was found that the GnuTLS implementation of HMAC-SHA-256 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plaintext-recove...

CWE-3852018

CVE-2018-10845

MEDIUM

CVSS:5.9(Medium)

It was found that the GnuTLS implementation of HMAC-SHA-384 was vulnerable to a Lucky thirteen style attack. Remote attackers could use this flaw to conduct distinguishing attacks and plain text recov...

CWE-3852018

CVE-2017-2624

Vulnerability Description

Related Vulnerabilities

CVE-2023-46809

CVE-2025-0306

CVE-2022-24409

CVE-2024-25964

CVE-2018-10844

CVE-2018-10845