Lucene search

K
ubuntucveUbuntu.comUB:CVE-2013-1619
HistoryFeb 08, 2013 - 12:00 a.m.

CVE-2013-1619

2013-02-0800:00:00
ubuntu.com
ubuntu.com
12

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

74.6%

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and
3.1.x before 3.1.7 does not properly consider timing side-channel attacks
on a noncompliant MAC check operation during the processing of malformed
CBC padding, which allows remote attackers to conduct distinguishing
attacks and plaintext-recovery attacks via statistical analysis of timing
data for crafted packets, a related issue to CVE-2013-0169.

Bugs

Notes

Author Note
jdstrand LP: #1166634 is reported as a regression
OSVersionArchitecturePackageVersionFilename
ubuntu8.04noarchgnutls13< 2.0.4-1ubuntu2.9UNKNOWN
ubuntu10.04noarchgnutls26< 2.8.5-2ubuntu0.3UNKNOWN
ubuntu11.10noarchgnutls26< 2.10.5-1ubuntu3.3UNKNOWN
ubuntu12.04noarchgnutls26< 2.12.14-5ubuntu3.2UNKNOWN
ubuntu12.10noarchgnutls26< 2.12.14-5ubuntu4.2UNKNOWN

4 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

0.004 Low

EPSS

Percentile

74.6%

Related for UB:CVE-2013-1619