Описание
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | released | 3.14.3-0ubuntu1 |
| hardy | ignored | end of life |
| lucid | released | 3.14.3-0ubuntu0.10.04.1 |
| oneiric | released | 3.14.3-0ubuntu0.11.10.1 |
| precise | released | 3.14.3-0ubuntu0.12.04.1 |
| quantal | released | 3.14.3-0ubuntu0.12.10.1 |
| upstream | released | 3.14.3 |
Показывать по
Ссылки на источники
EPSS
4.3 Medium
CVSS2
Связанные уязвимости
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
The TLS implementation in Mozilla Network Security Services (NSS) does ...
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
ELSA-2013-1144: nss, nss-util, nss-softokn, and nspr security update (MODERATE)
EPSS
4.3 Medium
CVSS2