Lucene search

MitreCVE-2013-1619

HistoryFeb 08, 2013 - 7:55 p.m.

CVE-2013-1619

2013-02-0819:55:01

CWE-310

mitre

web.nvd.nist.gov

cve-2013-1619

gnutls

tls implementation

timing side-channel attacks

cbc padding

remote attackers

plaintext-recovery attacks

statistical analysis

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

AI Score

6.8

Confidence

High

EPSS

0.005

Percentile

77.3%

JSON

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Affected configurations

Nvd

Node

gnugnutlsMatch2.0.0

gnugnutlsMatch2.0.1

gnugnutlsMatch2.0.2

gnugnutlsMatch2.0.3

gnugnutlsMatch2.0.4

gnugnutlsMatch2.1.0

gnugnutlsMatch2.1.1

gnugnutlsMatch2.1.2

gnugnutlsMatch2.1.3

gnugnutlsMatch2.1.4

gnugnutlsMatch2.1.5

gnugnutlsMatch2.1.6

gnugnutlsMatch2.1.7

gnugnutlsMatch2.1.8

gnugnutlsMatch2.2.0

gnugnutlsMatch2.2.1

gnugnutlsMatch2.2.2

gnugnutlsMatch2.2.3

gnugnutlsMatch2.2.4

gnugnutlsMatch2.2.5

gnugnutlsMatch2.3.0

gnugnutlsMatch2.3.1

gnugnutlsMatch2.3.2

gnugnutlsMatch2.3.3

gnugnutlsMatch2.3.4

gnugnutlsMatch2.3.5

gnugnutlsMatch2.3.6

gnugnutlsMatch2.3.7

gnugnutlsMatch2.3.8

gnugnutlsMatch2.3.9

gnugnutlsMatch2.3.10

gnugnutlsMatch2.3.11

gnugnutlsMatch2.4.0

gnugnutlsMatch2.4.1

gnugnutlsMatch2.4.2

gnugnutlsMatch2.4.3

gnugnutlsMatch2.5.0

gnugnutlsMatch2.6.0

gnugnutlsMatch2.6.1

gnugnutlsMatch2.6.2

gnugnutlsMatch2.6.3

gnugnutlsMatch2.6.4

gnugnutlsMatch2.6.5

gnugnutlsMatch2.6.6

gnugnutlsMatch2.7.4

gnugnutlsMatch2.8.0

gnugnutlsMatch2.8.1

gnugnutlsMatch2.8.2

gnugnutlsMatch2.8.3

gnugnutlsMatch2.8.4

gnugnutlsMatch2.8.5

gnugnutlsMatch2.8.6

gnugnutlsMatch2.10.0

gnugnutlsMatch2.10.1

gnugnutlsMatch2.10.2

gnugnutlsMatch2.10.3

gnugnutlsMatch2.10.4

gnugnutlsMatch2.10.5

gnugnutlsMatch2.12.0

gnugnutlsMatch2.12.1

gnugnutlsMatch2.12.2

gnugnutlsMatch2.12.3

gnugnutlsMatch2.12.4

gnugnutlsMatch2.12.5

gnugnutlsMatch2.12.6

gnugnutlsMatch2.12.6.1

gnugnutlsMatch2.12.7

gnugnutlsMatch2.12.8

gnugnutlsMatch2.12.9

gnugnutlsMatch2.12.10

gnugnutlsMatch2.12.11

gnugnutlsMatch2.12.12

gnugnutlsMatch2.12.13

gnugnutlsMatch2.12.14

gnugnutlsMatch2.12.15

gnugnutlsMatch2.12.16

gnugnutlsMatch2.12.17

gnugnutlsMatch2.12.18

gnugnutlsMatch2.12.19

gnugnutlsMatch2.12.20

gnugnutlsMatch2.12.21

gnugnutlsMatch2.12.22

Node

gnugnutlsMatch3.0

gnugnutlsMatch3.0.0

gnugnutlsMatch3.0.1

gnugnutlsMatch3.0.2

gnugnutlsMatch3.0.3

gnugnutlsMatch3.0.4

gnugnutlsMatch3.0.5

gnugnutlsMatch3.0.6

gnugnutlsMatch3.0.7

gnugnutlsMatch3.0.8

gnugnutlsMatch3.0.9

gnugnutlsMatch3.0.10

gnugnutlsMatch3.0.11

gnugnutlsMatch3.0.12

gnugnutlsMatch3.0.13

gnugnutlsMatch3.0.14

gnugnutlsMatch3.0.15

gnugnutlsMatch3.0.16

gnugnutlsMatch3.0.17

gnugnutlsMatch3.0.18

gnugnutlsMatch3.0.19

gnugnutlsMatch3.0.20

gnugnutlsMatch3.0.21

gnugnutlsMatch3.0.22

gnugnutlsMatch3.0.23

gnugnutlsMatch3.0.24

gnugnutlsMatch3.0.25

gnugnutlsMatch3.0.26

gnugnutlsMatch3.0.27

Node

gnugnutlsMatch3.1.0

gnugnutlsMatch3.1.1

gnugnutlsMatch3.1.2

gnugnutlsMatch3.1.3

gnugnutlsMatch3.1.4

gnugnutlsMatch3.1.5

gnugnutlsMatch3.1.6

VendorProductVersionCPE
gnugnutls2.0.0cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*
gnugnutls2.0.1cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*
gnugnutls2.0.2cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*
gnugnutls2.0.3cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*
gnugnutls2.0.4cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*
gnugnutls2.1.0cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*
gnugnutls2.1.1cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*
gnugnutls2.1.2cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*
gnugnutls2.1.3cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*
gnugnutls2.1.4cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gnu	gnutls	2.0.0	cpe:2.3:a:gnu:gnutls:2.0.0:::::::*
gnu	gnutls	2.0.1	cpe:2.3:a:gnu:gnutls:2.0.1:::::::*
gnu	gnutls	2.0.2	cpe:2.3:a:gnu:gnutls:2.0.2:::::::*
gnu	gnutls	2.0.3	cpe:2.3:a:gnu:gnutls:2.0.3:::::::*
gnu	gnutls	2.0.4	cpe:2.3:a:gnu:gnutls:2.0.4:::::::*
gnu	gnutls	2.1.0	cpe:2.3:a:gnu:gnutls:2.1.0:::::::*
gnu	gnutls	2.1.1	cpe:2.3:a:gnu:gnutls:2.1.1:::::::*
gnu	gnutls	2.1.2	cpe:2.3:a:gnu:gnutls:2.1.2:::::::*
gnu	gnutls	2.1.3	cpe:2.3:a:gnu:gnutls:2.1.3:::::::*
gnu	gnutls	2.1.4	cpe:2.3:a:gnu:gnutls:2.1.4:::::::*