QwikSec

Security Database

CVE

CWE

Training

CVE-2013-1619

Published: Feb 8, 2013

Modified: Aug 6, 2024

PUBLISHED

Description

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

third-party-advisory

x_refsource_SECUNIA

https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0

x_refsource_CONFIRM

http://www.gnutls.org/security.html#GNUTLS-SA-2013-1

x_refsource_CONFIRM

http://www.isg.rhul.ac.uk/tls/TLStiming.pdf

x_refsource_MISC

third-party-advisory

x_refsource_SECUNIA

[oss-security] 20130205 Re: CVE request: TLS CBC padding timing flaw in various SSL / TLS implementations

mailing-list

x_refsource_MLIST

SUSE-SU-2014:0320

vendor-advisory

x_refsource_SUSE

SUSE-SU-2014:0322

vendor-advisory

x_refsource_SUSE

http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html

x_refsource_CONFIRM

vendor-advisory

x_refsource_UBUNTU

openSUSE-SU-2013:0807

vendor-advisory

x_refsource_SUSE

openSUSE-SU-2014:0346

vendor-advisory

x_refsource_SUSE

vendor-advisory

x_refsource_REDHAT

https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.