vulnerability

Alpine Linux: CVE-2024-23771: Observable Discrepancy

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
10	(AV:N/AC:L/Au:N/C:C/I:C/A:C)	Jan 22, 2024	Mar 21, 2024	Dec 23, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:C/I:C/A:C)

Published

Jan 22, 2024

Added

Mar 21, 2024

Modified

Dec 23, 2025

Description

darkhttpd before 1.15 uses strcmp (which is not constant time) to verify authentication, which makes it easier for remote attackers to bypass authentication via a timing side channel.

Solution

alpine-linux-upgrade-darkhttpd

References

CVE-2024-23771
https://attackerkb.com/topics/CVE-2024-23771
URL-https://security.alpinelinux.org/vuln/CVE-2024-23771
CWE-203

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today