Lucene search

K
nvd[email protected]NVD:CVE-2013-1619
HistoryFeb 08, 2013 - 7:55 p.m.

CVE-2013-1619

2013-02-0819:55:01
CWE-310
web.nvd.nist.gov
2

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

AI Score

6.6

Confidence

High

EPSS

0.005

Percentile

77.3%

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Affected configurations

NVD
Node
gnugnutlsMatch2.0.0
OR
gnugnutlsMatch2.0.1
OR
gnugnutlsMatch2.0.2
OR
gnugnutlsMatch2.0.3
OR
gnugnutlsMatch2.0.4
OR
gnugnutlsMatch2.1.0
OR
gnugnutlsMatch2.1.1
OR
gnugnutlsMatch2.1.2
OR
gnugnutlsMatch2.1.3
OR
gnugnutlsMatch2.1.4
OR
gnugnutlsMatch2.1.5
OR
gnugnutlsMatch2.1.6
OR
gnugnutlsMatch2.1.7
OR
gnugnutlsMatch2.1.8
OR
gnugnutlsMatch2.2.0
OR
gnugnutlsMatch2.2.1
OR
gnugnutlsMatch2.2.2
OR
gnugnutlsMatch2.2.3
OR
gnugnutlsMatch2.2.4
OR
gnugnutlsMatch2.2.5
OR
gnugnutlsMatch2.3.0
OR
gnugnutlsMatch2.3.1
OR
gnugnutlsMatch2.3.2
OR
gnugnutlsMatch2.3.3
OR
gnugnutlsMatch2.3.4
OR
gnugnutlsMatch2.3.5
OR
gnugnutlsMatch2.3.6
OR
gnugnutlsMatch2.3.7
OR
gnugnutlsMatch2.3.8
OR
gnugnutlsMatch2.3.9
OR
gnugnutlsMatch2.3.10
OR
gnugnutlsMatch2.3.11
OR
gnugnutlsMatch2.4.0
OR
gnugnutlsMatch2.4.1
OR
gnugnutlsMatch2.4.2
OR
gnugnutlsMatch2.4.3
OR
gnugnutlsMatch2.5.0
OR
gnugnutlsMatch2.6.0
OR
gnugnutlsMatch2.6.1
OR
gnugnutlsMatch2.6.2
OR
gnugnutlsMatch2.6.3
OR
gnugnutlsMatch2.6.4
OR
gnugnutlsMatch2.6.5
OR
gnugnutlsMatch2.6.6
OR
gnugnutlsMatch2.7.4
OR
gnugnutlsMatch2.8.0
OR
gnugnutlsMatch2.8.1
OR
gnugnutlsMatch2.8.2
OR
gnugnutlsMatch2.8.3
OR
gnugnutlsMatch2.8.4
OR
gnugnutlsMatch2.8.5
OR
gnugnutlsMatch2.8.6
OR
gnugnutlsMatch2.10.0
OR
gnugnutlsMatch2.10.1
OR
gnugnutlsMatch2.10.2
OR
gnugnutlsMatch2.10.3
OR
gnugnutlsMatch2.10.4
OR
gnugnutlsMatch2.10.5
OR
gnugnutlsMatch2.12.0
OR
gnugnutlsMatch2.12.1
OR
gnugnutlsMatch2.12.2
OR
gnugnutlsMatch2.12.3
OR
gnugnutlsMatch2.12.4
OR
gnugnutlsMatch2.12.5
OR
gnugnutlsMatch2.12.6
OR
gnugnutlsMatch2.12.6.1
OR
gnugnutlsMatch2.12.7
OR
gnugnutlsMatch2.12.8
OR
gnugnutlsMatch2.12.9
OR
gnugnutlsMatch2.12.10
OR
gnugnutlsMatch2.12.11
OR
gnugnutlsMatch2.12.12
OR
gnugnutlsMatch2.12.13
OR
gnugnutlsMatch2.12.14
OR
gnugnutlsMatch2.12.15
OR
gnugnutlsMatch2.12.16
OR
gnugnutlsMatch2.12.17
OR
gnugnutlsMatch2.12.18
OR
gnugnutlsMatch2.12.19
OR
gnugnutlsMatch2.12.20
OR
gnugnutlsMatch2.12.21
OR
gnugnutlsMatch2.12.22
Node
gnugnutlsMatch3.0
OR
gnugnutlsMatch3.0.0
OR
gnugnutlsMatch3.0.1
OR
gnugnutlsMatch3.0.2
OR
gnugnutlsMatch3.0.3
OR
gnugnutlsMatch3.0.4
OR
gnugnutlsMatch3.0.5
OR
gnugnutlsMatch3.0.6
OR
gnugnutlsMatch3.0.7
OR
gnugnutlsMatch3.0.8
OR
gnugnutlsMatch3.0.9
OR
gnugnutlsMatch3.0.10
OR
gnugnutlsMatch3.0.11
OR
gnugnutlsMatch3.0.12
OR
gnugnutlsMatch3.0.13
OR
gnugnutlsMatch3.0.14
OR
gnugnutlsMatch3.0.15
OR
gnugnutlsMatch3.0.16
OR
gnugnutlsMatch3.0.17
OR
gnugnutlsMatch3.0.18
OR
gnugnutlsMatch3.0.19
OR
gnugnutlsMatch3.0.20
OR
gnugnutlsMatch3.0.21
OR
gnugnutlsMatch3.0.22
OR
gnugnutlsMatch3.0.23
OR
gnugnutlsMatch3.0.24
OR
gnugnutlsMatch3.0.25
OR
gnugnutlsMatch3.0.26
OR
gnugnutlsMatch3.0.27
Node
gnugnutlsMatch3.1.0
OR
gnugnutlsMatch3.1.1
OR
gnugnutlsMatch3.1.2
OR
gnugnutlsMatch3.1.3
OR
gnugnutlsMatch3.1.4
OR
gnugnutlsMatch3.1.5
OR
gnugnutlsMatch3.1.6

CVSS2

4

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

AI Score

6.6

Confidence

High

EPSS

0.005

Percentile

77.3%