
CVE-2013-1619

Published: 04 Feb 2013
Source: redhat
CVSS2: 5.1
EPSS: Low

Description

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | mingw32-gnutls | Will not fix | | |
| Red Hat Enterprise Linux 5 | gnutls | Fixed | RHSA-2013:0588 | 04.03.2013 |
| Red Hat Enterprise Linux 6 | gnutls | Fixed | RHSA-2013:0588 | 04.03.2013 |
| RHEV 3.X Hypervisor and Agents for RHEL-6 | rhev-hypervisor6 | Fixed | RHSA-2013:0636 | 13.03.2013 |


Additional information

Status: Moderate

https://bugzilla.redhat.com/show_bug.cgi?id=908238 gnutls: TLS CBC padding timing attack (lucky-13)

EPSS: 0.01222 (percentile: 78%), Low

CVSS2: 5.1 Medium

Related vulnerabilities

ubuntu
more than 12 years ago

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

nvd
more than 12 years ago

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

debian
more than 12 years ago

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, ...

github
about 3 years ago

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

oracle-oval
more than 12 years ago

ELSA-2013-0588: gnutls security update (MODERATE)
