Описание
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | DNE | |
| hardy | released | 2.0.4-1ubuntu2.9 |
| lucid | DNE | |
| oneiric | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| quantal | DNE | |
| raring | DNE | |
| saucy | DNE |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | DNE | |
| esm-infra-legacy/trusty | not-affected | 2.12.23-1ubuntu1 |
| hardy | DNE | |
| lucid | released | 2.8.5-2ubuntu0.3 |
| oneiric | released | 2.10.5-1ubuntu3.3 |
| precise | released | 2.12.14-5ubuntu3.2 |
| precise/esm | not-affected | 2.12.14-5ubuntu3.2 |
| quantal | released | 2.12.14-5ubuntu4.2 |
| raring | not-affected | 2.12.23-1ubuntu1 |
| saucy | not-affected | 2.12.23-1ubuntu1 |
Показывать по
| Релиз | Статус | Примечание |
|---|---|---|
| devel | not-affected | 3.2.11-2ubuntu1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [3.2.11-2ubuntu1]] |
| esm-infra/xenial | not-affected | 3.2.11-2ubuntu1 |
| hardy | DNE | |
| lucid | DNE | |
| oneiric | DNE | |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| quantal | ignored | end of life |
| raring | ignored | end of life |
Показывать по
EPSS
4 Medium
CVSS2
Связанные уязвимости
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, ...
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
EPSS
4 Medium
CVSS2