Array index error in the SSL module in PolarSSL before 1.2.5 might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session, a different vulnerability than CVE-2013-0169.

References

openwall.com/lists/oss-security/2013/02/05/24

www.debian.org/security/2013/dsa-2622

www.isg.rhul.ac.uk/tls/TLStiming.pdf

polarssl.org/tech-updates/releases/polarssl-1.2.5-released

nvd 9

cve 9

ubuntucve 9

prion 9

openvas 34

fedora 5

debian 2

securityvulns 5

nessus 34

osv 4

mageia 1

ibm 24

veracode 3

f5 9

slackware 1

openssl 1

cvelist 8

hackerone 1

debiancve 6

pentestpartners 1

gentoo 1

altlinux 5

oraclelinux 1

amazon 1

suse 2

centos 2

freebsd 1

redhat 3

aix 2

freebsd_advisory 1

alpinelinux 2

ubuntu 2

github 1

nvd

CVE-2013-1621

2013-02-08 19:55:01

CVE-2013-0169

2013-02-08 19:55:01

CVE-2013-2116

2013-07-03 18:55:01

cve

CVE-2013-1621

2013-02-08 19:55:01

CVE-2013-0169

2013-02-08 19:55:01

CVE-2013-1619

2013-02-08 19:55:01

ubuntucve

CVE-2013-1621

2013-02-08 00:00:00

CVE-2013-0169

2013-02-08 00:00:00

CVE-2013-1624

2013-02-08 00:00:00

prion

Code injection

2013-02-08 19:55:00

Design/Logic Flaw

2013-02-08 19:55:00

Code injection

2018-07-28 17:29:00

openvas

Fedora Update for polarssl FEDORA-2013-18251

2013-10-15 00:00:00

Fedora Update for polarssl FEDORA-2013-18251

2013-10-15 00:00:00

Debian: Security Advisory (DSA-2622-1)

2013-02-12 00:00:00

fedora

[SECURITY] Fedora 18 Update: polarssl-1.2.9-1.fc18

2013-10-14 07:00:42

[SECURITY] Fedora 18 Update: polarssl-1.2.9-1.fc18

2013-10-14 17:17:04

[SECURITY] Fedora 18 Update: polarssl-1.2.8-1.fc18

2013-09-20 16:27:34

debian

[SECURITY] [DSA 2622-1] polarssl security update

2013-02-13 20:17:01

[SECURITY] [DSA 2621-1] openssl security update

2013-02-13 20:07:41

securityvulns

[SECURITY] [DSA 2622-1] polarssl security update

2013-02-14 00:00:00

OpenSSL / PolarSSL / GnuTLS security vulnerabilities

2013-03-02 00:00:00

ESA-2013-032 RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability

2013-07-15 00:00:00

nessus

Debian DSA-2622-1 : polarssl - several vulnerabilities

2013-02-14 00:00:00

OpenSSL 1.0.1 < 1.0.1e Information Disclosure

2013-02-13 00:00:00

IBM GSKit 7.x < 7.0.4.45 / 8.0.14.x < 8.0.14.27 TLS Side-Channel Timing Information Disclosure

2013-07-10 00:00:00

osv

polarssl - several

2013-02-13 00:00:00

Improper Input Validation in Bouncy Castle

2022-05-14 02:14:04

CVE-2016-2107

2016-05-05 01:59:00

mageia

Updated polarssl package fixes security vulnerabilities

2013-09-25 01:41:53

ibm

Security Bulletin: InfoSphere Data Replication Dashboard is affected by a vulnerability in the IBM JRE (CVE-2013-0169)

2022-09-25 22:39:39

Security Bulletin: Vulnerability in IBM Rational ClearCase (GSKit component) with potential for TLS Attack (CVE-2013-0169)

2018-07-10 08:34:12

Security Bulletin: IBM FileNet Business Process Manager – Oracle Critical Patch Updates April 2013 (CVE-2013-0169)

2022-09-25 21:06:56

veracode

Timing Attacks

2017-02-10 05:59:15

Timing Side- Channel Attack

2019-01-15 08:52:54

Padding Oracle Attack

2017-01-27 03:10:31

K14190 : TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169

2015-04-30 00:00:00

SOL14190 - TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169

2013-02-08 00:00:00

K15622 : wolfSSL CyaSSL vulnerability CVE-2013-1623

2014-09-25 00:00:00

slackware

openssl

2013-02-11 23:49:59

openssl

Vulnerability in OpenSSL CVE-2013-0169

2013-02-04 00:00:00

cvelist

CVE-2013-0169

2013-02-08 19:00:00

CVE-2013-2116

2013-07-03 18:00:00

CVE-2016-2107

2016-05-05 00:00:00

hackerone

Legal Robot: LUCKY13 (CVE-2013-0169) effects legalrobot.com

2017-07-30 20:00:47

debiancve

CVE-2013-0169

2013-02-08 19:55:01

CVE-2018-0497

2018-07-28 17:29:00

CVE-2013-1624

2013-02-08 19:55:01

pentestpartners

Vulnerabilities that (mostly) aren’t: LUCKY13

2024-05-03 05:12:27

gentoo

PolarSSL: Multiple vulnerabilities

2013-10-17 00:00:00

altlinux

Security fix for the ALT Linux 7 package openssl10 version 1.0.0k-alt1

2013-02-27 00:00:00

Security fix for the ALT Linux 6 package openssl10 version 1.0.0k-alt1

2013-02-27 00:00:00

Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0k-alt1

2013-02-27 00:00:00

oraclelinux

java-1.6.0-openjdk security update

2013-02-20 00:00:00

amazon

Critical: openssl

2014-04-07 17:26:00

suse

Security update for Java (important)

2013-02-22 20:04:33

java-1_6_0-openjdk: update to icedtea 1.12.3 (important)

2013-03-01 18:04:30

centos

java security update

2013-02-20 20:11:32

java security update

2013-02-20 20:33:43

freebsd

FreeBSD -- OpenSSL multiple vulnerabilities

2013-04-02 00:00:00

redhat

(RHSA-2013:0783) Moderate: openssl security update

2013-05-01 17:58:17

(RHSA-2013:0274) Important: java-1.6.0-openjdk security update

2013-02-20 00:00:00

(RHSA-2013:0273) Critical: java-1.6.0-openjdk security update

2013-02-20 00:00:00

aix

AIX OpenSSH Vulnerability

2013-04-08 15:19:58

Multiple OpenSSL vulnerabilities

2013-03-15 03:20:11

freebsd_advisory

FreeBSD-SA-13:03.openssl

2013-04-02 00:00:00

alpinelinux

CVE-2016-2107

2016-05-05 01:59:03

CVE-2018-0497

2018-07-28 17:29:00

ubuntu

OpenSSL regression

2013-02-28 00:00:00

OpenSSL vulnerability

2013-03-25 00:00:00

github

Improper Input Validation in Bouncy Castle

2022-05-14 02:14:04

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

6.3 Medium

AI Score

Confidence

High

0.007 Low

EPSS

Percentile

80.3%

JSON

Related for CVELIST:CVE-2013-1621