CVE-2013-0169
Published Feb 8, 2013
Last updated 2 years ago
Overview
- Description
- The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.6
- Impact score
- 2.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-310
Evaluator
- Comment
- Per http://www.openssl.org/news/vulnerabilities.html: Fixed in OpenSSL 1.0.1d (affected: 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1). Fixed in OpenSSL 1.0.0k (affected: 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a, 1.0.0). Fixed in OpenSSL 0.9.8y (affected: 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o, 0.9.8n, 0.9.8m, 0.9.8l, 0.9.8k, 0.9.8j, 0.9.8i, 0.9.8h, 0.9.8g, 0.9.8f, 0.9.8d, 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8). Affected users should upgrade to OpenSSL 1.0.1e, 1.0.0k or 0.9.8y. The fix in 1.0.1d was not complete, so on the 1.0.1 branch treat 1.0.1d as still affected and use 1.0.1e or later; the Configurations entry for that branch accordingly runs through 1.0.1d inclusive.
- Impact
- -
- Solution
- -
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C2F01ED-AB65-4006-AE2A-E9F73791D436", "versionEndIncluding": "0.9.8x", "versionStartIncluding": "0.9.8" }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "581DC050-33FB-408D-AB43-D3D796BCBBDE", "versionEndIncluding": "1.0.0j", "versionStartIncluding": "1.0.0" }, { "criteria": "cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02E6874F-3469-4173-92DE-1E90F0B241FB", "versionEndIncluding": "1.0.1d", "versionStartIncluding": "1.0.1" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C58642D-8504-4D3B-A411-96B83CFCD05D" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "603BED29-3B3F-49AD-A518-E68B40AE8484" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0F03670F-559C-433D-8AE8-A3C16F05E1D8" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3A294535-7190-4C33-910D-0520F575D800" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update12:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52A6300A-98F2-4E5A-909E-895A6C5B1D04" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2280FB93-81A0-4BF4-AD7E-C9EAD277B379" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update14:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1E42E405-91ED-4F41-A2EE-CECB27EB4951" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update15:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11BCE518-1A35-44DE-9B40-B89E7637F830" }, { "criteria": 
"cpe:2.3:a:oracle:openjdk:1.6.0:update16:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "46D0BB1F-FA76-4185-ACD4-587DFB24CFF7" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update17:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D27FDDD5-083F-4A83-836F-BDCEB94894FA" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update18:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "30BF0C2F-BF35-41B8-BC6A-F2DACE6A9A32" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update19:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EE05CDF7-1C43-46BF-9A7E-56B31BC1C837" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A520D505-7BDC-4E82-8A43-7C50AEE2B222" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update20:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5ADF3C32-6663-4003-B7D6-CE3D02AFF45E" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update21:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F15C4440-6283-433E-998E-856DA7ED4DB5" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update22:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C729FF50-6E41-4CEB-888A-E0FBD69B7897" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update23:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EB0AB341-46CE-4851-899A-B09C81A9792E" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update24:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "68EF7AC1-0179-4E10-89DD-5DA33682B3F8" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update25:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "243726CF-F79A-4487-8807-FFA0AC86760B" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update26:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DECF6EC-B787-4CBA-936C-527864B504DB" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update27:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3C70C7D7-4E28-49D9-A007-EB186E85E5B6" }, { "criteria": 
"cpe:2.3:a:oracle:openjdk:1.6.0:update29:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "99B2B1A1-C3E5-4A32-8F5A-4BA8664E7537" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F57C81C-446F-462C-BB64-65F87D1AA28F" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update30:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CFFA025-08DC-4AEF-AAE3-B20ECCB0946E" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update31:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "ACBA03CE-2EF2-4C51-B796-54C65C3CFBCD" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update32:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "085241E5-F958-43DD-AB0A-35EAF6954CB7" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update33:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "20CD7414-1D66-4311-90FB-5D53C0C22D82" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update34:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6DCB646B-3F17-427D-AE89-039FCA1F6D7D" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update35:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA2AB84A-05D5-4091-B225-7762A73D45BD" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update37:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A5A15F9-5047-4BB9-9B3E-A00998B6E7C3" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update38:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "11A0378E-0D41-4FE0-8DAF-A01B66D814DE" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "942C51A3-87AC-4DB5-BAB9-3771A19C472A" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C34819D3-615F-4CEE-BEAA-CE48BC2E53BC" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D97A141E-5FC0-4B79-ABAA-82F6DE857625" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.6.0:update7:*:*:*:*:*:*", 
"vulnerable": true, "matchCriteriaId": "D32EAE02-B313-47AC-A1A3-BBF58A692E02" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:-:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "81EA5E3B-7EA9-45A4-9B69-2DD96471A731" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "27DED59D-C293-4D36-B194-B1645CD798C0" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update10:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC3ADCB9-C4B7-4D30-932B-415C317870F2" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update11:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06FB52F8-8702-4795-BA47-28A1D007952F" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update13:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3FDD48A5-9956-4AE6-9899-40D0830719FF" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "875DAD00-C396-4F45-8C39-843686D5C3DA" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F45FA1E6-D848-482B-BB3F-5B02E837EE60" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94A59C56-6A9B-4630-ACBD-45359451120D" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "795C1133-BF5E-4B07-A448-13EFAFEED9B8" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DF20B7CE-1CD3-4D1E-9C5F-E9594A5135D9" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3206CF31-0EF2-4351-A077-1F8935965492" }, { "criteria": "cpe:2.3:a:oracle:openjdk:1.7.0:update9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D2E1A163-7376-41C9-A0FF-C8C3B192B73A" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": 
"cpe:2.3:a:polarssl:polarssl:0.10.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "21684D8F-C925-4BBE-A9E5-3799C84BDB13" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:0.10.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7CE3EE93-6274-4996-A843-D2DF3249E06C" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:0.11.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0DBD7490-815C-4E93-AD6C-5BBF1E3D6AD6" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:0.11.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D3C08BCF-F438-4862-B93A-76282A4129D8" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:0.12.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA654207-3F1A-4737-AA1C-523DBD420D2A" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:0.12.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "09D1B837-15DB-4A37-AF13-9FE6D894C084" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:0.13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CEA214D9-E535-4F68-9A23-504121748700" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:0.14.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "131EF818-747C-47F0-A69B-7F55CCA93F9B" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:0.14.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B86C938F-CE5E-4955-8702-ABE9B635E337" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:0.14.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8DC2818-EBB5-4A14-9468-57737B04F5A7" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F0D9D498-444E-4E92-B2A1-C8D72FA59F50" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4D9AE2FA-068E-4F9E-BA3B-69123D9B0A67" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22EA88C6-E217-4D1F-981B-096930A7728C" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:0.99:pre5:*:*:*:*:*:*", "vulnerable": true, 
"matchCriteriaId": "0BB29D8D-8287-4B5B-967F-55DCA0C0ED2B" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:1.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E25A1C90-15E9-4577-B25D-855D48C4F4E8" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "18BC3056-6CF9-4C6A-9F03-C8812CA10AF1" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc0:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02CE9326-279B-4CFE-8FBD-4450793D9C67" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7513F8AC-A847-412D-B657-9426E4C6C020" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "88CE920F-DBD6-4D01-87E1-26FA10101692" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C6F1E192-D0F2-476E-A7A9-AFB031687533" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F9DDE3F-26AE-41E0-9433-E5C018C699E8" }, { "criteria": "cpe:2.3:a:polarssl:polarssl:1.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "40F9819E-798E-4DA6-A7E4-39A85B68A5F5" } ], "operator": "OR" } ] } ]