CVE-2013-1624
Published Feb 8, 2013
Last updated 6 years ago
Overview
- Description
- The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 4.9
- Exploitability score
- 4.9
- Vector string
- AV:N/AC:H/Au:N/C:P/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-310
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.01:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FAF60BAE-BA1B-49A3-B594-3B7336F602AD"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.02:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AFDD300D-43A1-4E72-9BB6-E3141A7B3CF4"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.03:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D0C5F2A1-BBE1-4EC1-8324-64A8DC19DCE9"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.04:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "663B6F4C-1997-4651-ADA0-E061BBCA543F"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.05:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "311A950B-0152-4556-B7A0-8A1D355A095D"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.06:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D8778B34-92B6-41F7-AA5E-55127155C6D1"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.07:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3E1EAB5C-D9FE-4499-9FF2-D7C498A5CD38"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.08:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3A14408B-F008-4AFB-A3C4-E468E5D8871B"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.09:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9EF6CBA3-D974-4D9D-A5C6-5E8CB9C5E7D9"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.10:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "02092572-B188-4A8E-9745-1E93DEA818BF"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.11:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2FC51E9F-1B88-499C-B2D1-BC5B1427F5AB"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.12:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C5FC15CF-FC0E-4E74-9936-546E51C86975"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "318F8819-2E27-4E5C-A62E-DBEE060AACD6"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "01B57AD2-B600-4949-91DE-87D3EAEEE01E"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "63CE9915-2F36-4EE7-AEAE-7BA641ECAD1B"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E263B817-CA65-40E4-8BC9-D195A0F88E16"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.17:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "31451E1E-4CCA-4B8B-AEB9-9C8A9918B9C5"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.18:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A3438ED-8462-40E5-B433-9F67ED9A9110"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.19:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E3258C44-1D6E-4019-B332-80505B6B7B4C"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.20:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C0BB004D-1C69-4B39-890A-AE70D27518A3"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.21:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2ACBC626-EDBD-4C75-87ED-C78066670140"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.22:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2C3D8290-1839-4219-87C1-1A10FF5CF835"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.23:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4E605FF3-E6D8-4364-B098-4265CC490AD2"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.24:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E257CDDF-1D45-40F6-AF90-51B455440EA4"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.25:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "85AA3FAB-F49F-4CC1-86E4-A2BCC90EAA6E"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.26:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5A8D2C13-72E2-4139-8EF6-2ABB21F6B199"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.27:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "46AFFBE0-63F9-47E0-BDE4-73E9C3A30D4F"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.28:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CD114491-F727-4B7D-91C9-C20583035273"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.29:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "12303E74-5E98-4F98-A21C-11EE30B74FDB"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.30:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B6F306E2-E7DE-45F9-880B-391F5BABE2C5"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.31:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FCB1F2FE-E911-438F-8CED-A77055231E7D"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.32:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C3AB6C8A-F2DD-42F7-B5B6-71E0EC1FCCCC"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.33:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8FB8EA15-253A-4A29-ACD4-FCCC217CC157"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.34:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0961397F-1859-41F9-A817-304D781BB050"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.35:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "74052375-8653-494A-A4DF-012075DE91CF"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.36:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "AEC6A374-2903-4E0C-A1C7-664B4F61AE92"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.37:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5F0616EC-61CA-4BF2-B0AA-9904708F35DF"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.38:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "03F1FC36-7F65-47F2-A79F-F5EA7D3444D5"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.39:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "875046E1-7001-4D2A-81C4-8F391742AE4A"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.40:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40B16203-995B-4813-9D44-0BA044A6618C"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.41:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "34785221-CC94-4271-9D23-D5259A43AAD1"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.42:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "B18042B7-F191-4E7A-A35A-560B80C52D62"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.43:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "93F59407-2608-4B0B-8EB7-9CA95C92E7F9"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.44:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "78B80BCC-BA28-403E-B305-EA8E607B756F"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.45:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "6E92AD60-8537-4D61-8C89-769D36B34BBE"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.46:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1E266FA6-AB05-44BC-8DE1-B009915FFBD9"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.47:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8378040B-25A8-4F2A-B632-E7F91A45DFD6"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:0.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "35AF4B58-7361-4D12-AADA-072A60AB0104"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3BFAF5C1-7823-436C-9CA3-056F0A9D51A5"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40259337-03AB-410A-82B7-AFEB4E0C1AD1"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CA51EA08-2375-4F1B-8C89-ED18B2C9E683"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "FD8F22E0-D7C8-4ADA-9312-18F07CEF4ED4"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "65F5FE67-E52C-4301-A840-F91A1F5B87B3"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0BB97D9-EADD-47DB-9ABA-A92B43C2A522"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.6.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "27F9BDF0-E59A-4FD9-B868-BF7342B98B8B"
},
{
"criteria": "cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\\#-cryptography-api:1.7:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8FF3240B-548F-45A4-BCC8-4E0534619375"
}
],
"operator": "OR"
}
]
}
]