Back to search
CVE-2013-0169
Published: Feb 8, 2013
Modified: Aug 6, 2024
PUBLISHED
Description
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[debian-lts-announce] 20180925 [SECURITY] [DLA 1518-1] polarssl security update
mailing-list
x_refsource_MLIST
http://www.matrixssl.org/news.html
x_refsource_CONFIRM
RHSA-2013:0587
vendor-advisory
x_refsource_REDHAT
GLSA-201406-32
vendor-advisory
x_refsource_GENTOO
FEDORA-2013-4403
vendor-advisory
x_refsource_FEDORA
TA13-051A
third-party-advisory
x_refsource_CERT
oval:org.mitre.oval:def:19016
vdb-entry
signature
x_refsource_OVAL
MDVSA-2013:095
vendor-advisory
x_refsource_MANDRIVA
55139
third-party-advisory
x_refsource_SECUNIA
55322
third-party-advisory
x_refsource_SECUNIA
oval:org.mitre.oval:def:19608
vdb-entry
signature
x_refsource_OVAL
http://www.openssl.org/news/secadv_20130204.txt
x_refsource_CONFIRM
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084
x_refsource_CONFIRM
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
x_refsource_MISC
openSUSE-SU-2013:0378
vendor-advisory
x_refsource_SUSE
DSA-2622
vendor-advisory
x_refsource_DEBIAN
57778
vdb-entry
x_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
x_refsource_CONFIRM
[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations
mailing-list
x_refsource_MLIST
RHSA-2013:1455
vendor-advisory
x_refsource_REDHAT
55351
third-party-advisory
x_refsource_SECUNIA
HPSBUX02856
vendor-advisory
x_refsource_HP
https://puppet.com/security/cve/cve-2013-0169
x_refsource_CONFIRM
SSRT101289
vendor-advisory
x_refsource_HP
openSUSE-SU-2016:0640
vendor-advisory
x_refsource_SUSE
SSRT101108
vendor-advisory
x_refsource_HP
SUSE-SU-2013:0328
vendor-advisory
x_refsource_SUSE
RHSA-2013:0833
vendor-advisory
x_refsource_REDHAT
USN-1735-1
vendor-advisory
x_refsource_UBUNTU
SUSE-SU-2014:0320
vendor-advisory
x_refsource_SUSE
HPSBUX02857
vendor-advisory
x_refsource_HP
53623
third-party-advisory
x_refsource_SECUNIA
SUSE-SU-2013:0701
vendor-advisory
x_refsource_SUSE
VU#737740
third-party-advisory
x_refsource_CERT-VN
oval:org.mitre.oval:def:19424
vdb-entry
signature
x_refsource_OVAL
HPSBUX02909
vendor-advisory
x_refsource_HP
DSA-2621
vendor-advisory
x_refsource_DEBIAN
RHSA-2013:0783
vendor-advisory
x_refsource_REDHAT
HPSBMU02874
vendor-advisory
x_refsource_HP
APPLE-SA-2013-09-12-1
vendor-advisory
x_refsource_APPLE
55108
third-party-advisory
x_refsource_SECUNIA
RHSA-2013:0782
vendor-advisory
x_refsource_REDHAT
HPSBOV02852
vendor-advisory
x_refsource_HP
SSRT101103
vendor-advisory
x_refsource_HP
SSRT101104
vendor-advisory
x_refsource_HP
SUSE-SU-2015:0578
vendor-advisory
x_refsource_SUSE
openSUSE-SU-2013:0375
vendor-advisory
x_refsource_SUSE
https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released
x_refsource_CONFIRM
oval:org.mitre.oval:def:19540
vdb-entry
signature
x_refsource_OVAL
1029190
vdb-entry
x_refsource_SECTRACK
oval:org.mitre.oval:def:18841
vdb-entry
signature
x_refsource_OVAL
http://www.splunk.com/view/SP-CAAAHXG
x_refsource_CONFIRM
RHSA-2013:1456
vendor-advisory
x_refsource_REDHAT
http://support.apple.com/kb/HT5880
x_refsource_CONFIRM
SSRT101184
vendor-advisory
x_refsource_HP
55350
third-party-advisory
x_refsource_SECUNIA
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf
x_refsource_CONFIRM
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now