Lucene search

K
cve[email protected]CVE-2013-1619
HistoryFeb 08, 2013 - 7:55 p.m.

CVE-2013-1619

2013-02-0819:55:01
CWE-310
web.nvd.nist.gov
67
cve-2013-1619
gnutls
tls implementation
timing side-channel attacks
cbc padding
remote attackers
plaintext-recovery attacks
statistical analysis

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

6.8 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.3%

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Affected configurations

NVD
Node
gnugnutlsMatch2.0.0
OR
gnugnutlsMatch2.0.1
OR
gnugnutlsMatch2.0.2
OR
gnugnutlsMatch2.0.3
OR
gnugnutlsMatch2.0.4
OR
gnugnutlsMatch2.1.0
OR
gnugnutlsMatch2.1.1
OR
gnugnutlsMatch2.1.2
OR
gnugnutlsMatch2.1.3
OR
gnugnutlsMatch2.1.4
OR
gnugnutlsMatch2.1.5
OR
gnugnutlsMatch2.1.6
OR
gnugnutlsMatch2.1.7
OR
gnugnutlsMatch2.1.8
OR
gnugnutlsMatch2.2.0
OR
gnugnutlsMatch2.2.1
OR
gnugnutlsMatch2.2.2
OR
gnugnutlsMatch2.2.3
OR
gnugnutlsMatch2.2.4
OR
gnugnutlsMatch2.2.5
OR
gnugnutlsMatch2.3.0
OR
gnugnutlsMatch2.3.1
OR
gnugnutlsMatch2.3.2
OR
gnugnutlsMatch2.3.3
OR
gnugnutlsMatch2.3.4
OR
gnugnutlsMatch2.3.5
OR
gnugnutlsMatch2.3.6
OR
gnugnutlsMatch2.3.7
OR
gnugnutlsMatch2.3.8
OR
gnugnutlsMatch2.3.9
OR
gnugnutlsMatch2.3.10
OR
gnugnutlsMatch2.3.11
OR
gnugnutlsMatch2.4.0
OR
gnugnutlsMatch2.4.1
OR
gnugnutlsMatch2.4.2
OR
gnugnutlsMatch2.4.3
OR
gnugnutlsMatch2.5.0
OR
gnugnutlsMatch2.6.0
OR
gnugnutlsMatch2.6.1
OR
gnugnutlsMatch2.6.2
OR
gnugnutlsMatch2.6.3
OR
gnugnutlsMatch2.6.4
OR
gnugnutlsMatch2.6.5
OR
gnugnutlsMatch2.6.6
OR
gnugnutlsMatch2.7.4
OR
gnugnutlsMatch2.8.0
OR
gnugnutlsMatch2.8.1
OR
gnugnutlsMatch2.8.2
OR
gnugnutlsMatch2.8.3
OR
gnugnutlsMatch2.8.4
OR
gnugnutlsMatch2.8.5
OR
gnugnutlsMatch2.8.6
OR
gnugnutlsMatch2.10.0
OR
gnugnutlsMatch2.10.1
OR
gnugnutlsMatch2.10.2
OR
gnugnutlsMatch2.10.3
OR
gnugnutlsMatch2.10.4
OR
gnugnutlsMatch2.10.5
OR
gnugnutlsMatch2.12.0
OR
gnugnutlsMatch2.12.1
OR
gnugnutlsMatch2.12.2
OR
gnugnutlsMatch2.12.3
OR
gnugnutlsMatch2.12.4
OR
gnugnutlsMatch2.12.5
OR
gnugnutlsMatch2.12.6
OR
gnugnutlsMatch2.12.6.1
OR
gnugnutlsMatch2.12.7
OR
gnugnutlsMatch2.12.8
OR
gnugnutlsMatch2.12.9
OR
gnugnutlsMatch2.12.10
OR
gnugnutlsMatch2.12.11
OR
gnugnutlsMatch2.12.12
OR
gnugnutlsMatch2.12.13
OR
gnugnutlsMatch2.12.14
OR
gnugnutlsMatch2.12.15
OR
gnugnutlsMatch2.12.16
OR
gnugnutlsMatch2.12.17
OR
gnugnutlsMatch2.12.18
OR
gnugnutlsMatch2.12.19
OR
gnugnutlsMatch2.12.20
OR
gnugnutlsMatch2.12.21
OR
gnugnutlsMatch2.12.22
Node
gnugnutlsMatch3.0
OR
gnugnutlsMatch3.0.0
OR
gnugnutlsMatch3.0.1
OR
gnugnutlsMatch3.0.2
OR
gnugnutlsMatch3.0.3
OR
gnugnutlsMatch3.0.4
OR
gnugnutlsMatch3.0.5
OR
gnugnutlsMatch3.0.6
OR
gnugnutlsMatch3.0.7
OR
gnugnutlsMatch3.0.8
OR
gnugnutlsMatch3.0.9
OR
gnugnutlsMatch3.0.10
OR
gnugnutlsMatch3.0.11
OR
gnugnutlsMatch3.0.12
OR
gnugnutlsMatch3.0.13
OR
gnugnutlsMatch3.0.14
OR
gnugnutlsMatch3.0.15
OR
gnugnutlsMatch3.0.16
OR
gnugnutlsMatch3.0.17
OR
gnugnutlsMatch3.0.18
OR
gnugnutlsMatch3.0.19
OR
gnugnutlsMatch3.0.20
OR
gnugnutlsMatch3.0.21
OR
gnugnutlsMatch3.0.22
OR
gnugnutlsMatch3.0.23
OR
gnugnutlsMatch3.0.24
OR
gnugnutlsMatch3.0.25
OR
gnugnutlsMatch3.0.26
OR
gnugnutlsMatch3.0.27
Node
gnugnutlsMatch3.1.0
OR
gnugnutlsMatch3.1.1
OR
gnugnutlsMatch3.1.2
OR
gnugnutlsMatch3.1.3
OR
gnugnutlsMatch3.1.4
OR
gnugnutlsMatch3.1.5
OR
gnugnutlsMatch3.1.6

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

6.8 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.3%