Lucene search

[email protected]CVE-2013-1624

HistoryFeb 08, 2013 - 7:55 p.m.

CVE-2013-1624

2013-02-0819:55:01

CWE-310

[email protected]

web.nvd.nist.gov

tls implementation

bouncy castle

java

library

timing side-channel attacks

remote attackers

distinguishing attacks

plaintext-recovery attacks

cbc padding

statistical analysis

timing data

crafted packets

nvd

cve-2013-1624

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:N/C:P/I:P/A:N

6.7 Medium

AI Score

Confidence

High

0.005 Low

EPSS

Percentile

77.3%

JSON

The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Affected configurations

NVD

Node

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.01

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.02

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.03

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.04

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.05

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.06

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.07

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.08

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.09

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.10

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.11

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.12

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.13

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.14

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.15

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.16

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.17

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.18

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.19

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.20

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.21

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.22

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.23

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.24

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.25

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.26

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.27

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.28

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.29

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.30

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.31

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.32

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.33

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.34

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.35

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.36

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.37

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.38

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.39

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.40

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.41

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.42

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.43

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.44

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.45

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.46

bouncycastlelegion-of-the-bouncy-castle-java-crytography-apiMatch1.47

Node

bouncycastlelegion-of-the-bouncy-castle-c\#-cryptography-apiMatch0.0

bouncycastlelegion-of-the-bouncy-castle-c\#-cryptography-apiMatch1.0

bouncycastlelegion-of-the-bouncy-castle-c\#-cryptography-apiMatch1.1

bouncycastlelegion-of-the-bouncy-castle-c\#-cryptography-apiMatch1.2

bouncycastlelegion-of-the-bouncy-castle-c\#-cryptography-apiMatch1.3

bouncycastlelegion-of-the-bouncy-castle-c\#-cryptography-apiMatch1.4

bouncycastlelegion-of-the-bouncy-castle-c\#-cryptography-apiMatch1.5

bouncycastlelegion-of-the-bouncy-castle-c\#-cryptography-apiMatch1.6.1

bouncycastlelegion-of-the-bouncy-castle-c\#-cryptography-apiMatch1.7

CPENameOperatorVersion
bouncycastle:legion-of-the-bouncy-castle-java-crytography-apibouncycastle legion-of-the-bouncy-castle-java-crytography-apieq1.01
bouncycastle:legion-of-the-bouncy-castle-java-crytography-apibouncycastle legion-of-the-bouncy-castle-java-crytography-apieq1.02
bouncycastle:legion-of-the-bouncy-castle-java-crytography-apibouncycastle legion-of-the-bouncy-castle-java-crytography-apieq1.03
bouncycastle:legion-of-the-bouncy-castle-java-crytography-apibouncycastle legion-of-the-bouncy-castle-java-crytography-apieq1.04
bouncycastle:legion-of-the-bouncy-castle-java-crytography-apibouncycastle legion-of-the-bouncy-castle-java-crytography-apieq1.05
bouncycastle:legion-of-the-bouncy-castle-java-crytography-apibouncycastle legion-of-the-bouncy-castle-java-crytography-apieq1.06
bouncycastle:legion-of-the-bouncy-castle-java-crytography-apibouncycastle legion-of-the-bouncy-castle-java-crytography-apieq1.07
bouncycastle:legion-of-the-bouncy-castle-java-crytography-apibouncycastle legion-of-the-bouncy-castle-java-crytography-apieq1.08
bouncycastle:legion-of-the-bouncy-castle-java-crytography-apibouncycastle legion-of-the-bouncy-castle-java-crytography-apieq1.09
bouncycastle:legion-of-the-bouncy-castle-java-crytography-apibouncycastle legion-of-the-bouncy-castle-java-crytography-apieq1.10

CPE	Name	Operator	Version
bouncycastle:legion-of-the-bouncy-castle-java-crytography-api	bouncycastle legion-of-the-bouncy-castle-java-crytography-api	eq	1.01
bouncycastle:legion-of-the-bouncy-castle-java-crytography-api	bouncycastle legion-of-the-bouncy-castle-java-crytography-api	eq	1.02
bouncycastle:legion-of-the-bouncy-castle-java-crytography-api	bouncycastle legion-of-the-bouncy-castle-java-crytography-api	eq	1.03
bouncycastle:legion-of-the-bouncy-castle-java-crytography-api	bouncycastle legion-of-the-bouncy-castle-java-crytography-api	eq	1.04
bouncycastle:legion-of-the-bouncy-castle-java-crytography-api	bouncycastle legion-of-the-bouncy-castle-java-crytography-api	eq	1.05
bouncycastle:legion-of-the-bouncy-castle-java-crytography-api	bouncycastle legion-of-the-bouncy-castle-java-crytography-api	eq	1.06
bouncycastle:legion-of-the-bouncy-castle-java-crytography-api	bouncycastle legion-of-the-bouncy-castle-java-crytography-api	eq	1.07
bouncycastle:legion-of-the-bouncy-castle-java-crytography-api	bouncycastle legion-of-the-bouncy-castle-java-crytography-api	eq	1.08
bouncycastle:legion-of-the-bouncy-castle-java-crytography-api	bouncycastle legion-of-the-bouncy-castle-java-crytography-api	eq	1.09
bouncycastle:legion-of-the-bouncy-castle-java-crytography-api	bouncycastle legion-of-the-bouncy-castle-java-crytography-api	eq	1.10