5
CVE-2003-0078
- EPSS 13.72%
- Veröffentlicht 03.03.2003 05:00:00
- Zuletzt bearbeitet 16.06.2026 22:01:28
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 13.72% | 0.96 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
CWE-203 Observable Discrepancy
The product behaves differently or sends different responses under different circumstances in a way that is observable to an unauthorized actor.
http://www.redhat.com/support/errata/RHSA-2003-082.html
ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc
ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I
http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570
http://marc.info/?l=bugtraq&m=104567627211904&w=2
http://marc.info/?l=bugtraq&m=104568426824439&w=2
http://marc.info/?l=bugtraq&m=104577183206905&w=2
http://www.ciac.org/ciac/bulletins/n-051.shtml
http://www.debian.org/security/2003/dsa-253
http://www.iss.net/security_center/static/11369.php
http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html
http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020
http://www.openssl.org/news/secadv_20030219.txt
http://www.osvdb.org/3945
http://www.redhat.com/support/errata/RHSA-2003-062.html
http://www.redhat.com/support/errata/RHSA-2003-063.html
http://www.redhat.com/support/errata/RHSA-2003-104.html
http://www.redhat.com/support/errata/RHSA-2003-205.html
http://www.securityfocus.com/bid/6884
http://www.trustix.org/errata/2003/0005