Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2013-0169HistoryFeb 08, 2013 - 7:55 p.m.
CVE-2013-0169
2013-02-0819:55:00
Debian Security Bug Tracker
security-tracker.debian.org
17
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
76.9%
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the “Lucky Thirteen” issue.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 12 | all | bouncycastle | < 1.48+dfsg-2 | bouncycastle_1.48+dfsg-2_all.deb |
| Debian | 11 | all | bouncycastle | < 1.48+dfsg-2 | bouncycastle_1.48+dfsg-2_all.deb |
| Debian | 10 | all | bouncycastle | < 1.48+dfsg-2 | bouncycastle_1.48+dfsg-2_all.deb |
| Debian | 999 | all | bouncycastle | < 1.48+dfsg-2 | bouncycastle_1.48+dfsg-2_all.deb |
| Debian | 13 | all | bouncycastle | < 1.48+dfsg-2 | bouncycastle_1.48+dfsg-2_all.deb |
| Debian | 12 | all | gnutls28 | < 3.0.22-3 | gnutls28_3.0.22-3_all.deb |
| Debian | 11 | all | gnutls28 | < 3.0.22-3 | gnutls28_3.0.22-3_all.deb |
| Debian | 10 | all | gnutls28 | < 3.0.22-3 | gnutls28_3.0.22-3_all.deb |
| Debian | 999 | all | gnutls28 | < 3.0.22-3 | gnutls28_3.0.22-3_all.deb |
| Debian | 13 | all | gnutls28 | < 3.0.22-3 | gnutls28_3.0.22-3_all.deb |
Related
nessus
nessus
IBM Tivoli Storage Manager Server 6.3.x < 6.3.4.200 Information Disclosure
2014-08-11 00:00:00
Ipswitch IMail Server 11.x / 12.x < 12.3 Information Disclosure
2014-07-14 00:00:00
F5 Networks BIG-IP : TLS/DTLS 'Lucky 13' vulnerability (K14190)
2014-10-10 00:00:00
ibm
ibm
securityvulns
securityvulns
ESA-2013-032 RSA BSAFE® Micro Edition Suite Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability
2013-07-15 00:00:00
ESA-2013-045: RSA BSAFE® SSL-C Security Update for SSL/TLS Plaintext Recovery (aka “Lucky Thirteen”) Vulnerability
2013-07-15 00:00:00
ESA-2013-039: RSA BSAFE® SSL-J Multiple Vulnerabilities
2014-04-07 00:00:00
veracode
veracode
Timing Attacks
2017-02-10 05:59:15
Timing Side- Channel Attack
2019-01-15 08:52:54
Padding Oracle Attack
2017-01-27 03:10:31
openvas
openvas
Slackware: Security Advisory (SSA:2013-042-01)
2022-04-21 00:00:00
OpenSSL: SSL, TLS and DTLS Plaintext Recovery Attack (20130205) - Linux
2021-08-17 00:00:00
OpenSSL: SSL, TLS and DTLS Plaintext Recovery Attack (20130205) - Windows
2021-08-17 00:00:00
f5
f5
K14190 : TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2015-04-30 00:00:00
SOL14190 - TLS/DTLS 'Lucky 13' vulnerability CVE-2013-0169
2013-02-08 00:00:00
K15637 : GnuTLS vulnerability CVE-2013-2116
2014-10-16 00:00:00
ubuntucve
ubuntucve
slackware
slackware
openssl
2013-02-11 23:49:59
openssl
openssl
Vulnerability in OpenSSL CVE-2013-0169
2013-02-04 00:00:00
Vulnerability in OpenSSL CVE-2016-2107
2016-05-03 00:00:00
hackerone
hackerone
Legal Robot: LUCKY13 (CVE-2013-0169) effects legalrobot.com
2017-07-30 20:00:47
prion
prion
Design/Logic Flaw
2013-02-08 19:55:00
Design/Logic Flaw
2013-02-08 19:55:00
Design/Logic Flaw
2016-05-05 01:59:00
cve
cve
suse
suse
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 18:04:30
Security update for Java (important)
2013-02-22 20:04:33
java-1_6_0-openjdk: update to icedtea 1.12.3 (important)
2013-03-01 17:04:41
osv
osv
CVE-2016-2107
2016-05-05 01:59:00
Improper Input Validation in Bouncy Castle
2022-05-14 02:14:04
openssl - several vulnerabilities
2013-02-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package openssl1.1 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 9 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
Security fix for the ALT Linux 6 package openssl10 version 1.0.0k-alt1
2013-02-27 00:00:00
centos
centos
java security update
2013-02-20 20:11:32
java security update
2013-02-20 20:33:43
debiancve
debiancve
freebsd
freebsd
FreeBSD -- OpenSSL multiple vulnerabilities
2013-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 18 Update: mingw-openssl-1.0.1e-1.fc18
2013-04-03 04:51:11
[SECURITY] Fedora 18 Update: openssl-1.0.1e-3.fc18
2013-03-02 19:55:52
[SECURITY] Fedora 18 Update: polarssl-1.2.9-1.fc18
2013-10-14 17:17:04
oraclelinux
oraclelinux
java-1.6.0-openjdk security update
2013-02-20 00:00:00
java-1.6.0-openjdk security update
2013-02-20 00:00:00
amazon
amazon
Critical: openssl
2014-04-07 17:26:00
Important: java-1.6.0-openjdk
2013-03-02 16:50:00
redhat
redhat
(RHSA-2013:0783) Moderate: openssl security update
2013-05-01 17:58:17
(RHSA-2013:0274) Important: java-1.6.0-openjdk security update
2013-02-20 00:00:00
(RHSA-2013:0273) Critical: java-1.6.0-openjdk security update
2013-02-20 00:00:00
alpinelinux
alpinelinux
CVE-2016-2107
2016-05-05 01:59:00
CVE-2018-0497
2018-07-28 17:29:00
freebsd_advisory
freebsd_advisory
FreeBSD-SA-13:03.openssl
2013-04-02 00:00:00
ubuntu
ubuntu
OpenSSL vulnerability
2013-03-25 00:00:00
OpenSSL regression
2013-02-28 00:00:00
github
github
Improper Input Validation in Bouncy Castle
2022-05-14 02:14:04
debian
debian
[SECURITY] [DSA 2621-1] openssl security update
2013-02-13 20:07:41
aix
aix
Multiple OpenSSL vulnerabilities
2013-03-15 03:20:11
AIX OpenSSH Vulnerability
2013-04-08 15:19:58
2.6 Low
CVSS2
Access Vector
NETWORK
Access Complexity
HIGH
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:H/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
76.9%
Related for DEBIANCVE:CVE-2013-0169