CVSS2: 4.3 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | NONE |
Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |

EPSS: 0.005 Low (Percentile: 77.3%)

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not
properly consider timing side-channel attacks on a noncompliant MAC check
operation during the processing of malformed CBC padding, which allows
remote attackers to conduct distinguishing attacks and plaintext-recovery
attacks via statistical analysis of timing data for crafted packets, a
related issue to CVE-2013-0169.

Author | Note |
---|---|
jdstrand | no updates from upstream at this time |
seth-arnold | not mentioned in April CPU, but the code fixed in the Debian bug report is present, looks fixed |

OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 11.10 | noarch | mysql-5.1 | < 5.1.69-0ubuntu0.11.10.1 | UNKNOWN |
ubuntu | 12.04 | noarch | mysql-5.5 | < 5.5.31-0ubuntu0.12.04.1 | UNKNOWN |
ubuntu | 12.10 | noarch | mysql-5.5 | < 5.5.31-0ubuntu0.12.10.1 | UNKNOWN |
ubuntu | 13.04 | noarch | mysql-5.5 | < 5.5.31-0ubuntu0.13.04.1 | UNKNOWN |
ubuntu | 10.04 | noarch | mysql-dfsg-5.1 | < 5.1.69-0ubuntu0.10.04.1 | UNKNOWN |