4

CVE-2013-1619

Exploit

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Data is provided by the National Vulnerability Database (NVD)
GnuGnutls Version2.0.0
GnuGnutls Version2.0.1
GnuGnutls Version2.0.2
GnuGnutls Version2.0.3
GnuGnutls Version2.0.4
GnuGnutls Version2.1.0
GnuGnutls Version2.1.1
GnuGnutls Version2.1.2
GnuGnutls Version2.1.3
GnuGnutls Version2.1.4
GnuGnutls Version2.1.5
GnuGnutls Version2.1.6
GnuGnutls Version2.1.7
GnuGnutls Version2.1.8
GnuGnutls Version2.2.0
GnuGnutls Version2.2.1
GnuGnutls Version2.2.2
GnuGnutls Version2.2.3
GnuGnutls Version2.2.4
GnuGnutls Version2.2.5
GnuGnutls Version2.3.0
GnuGnutls Version2.3.1
GnuGnutls Version2.3.2
GnuGnutls Version2.3.3
GnuGnutls Version2.3.4
GnuGnutls Version2.3.5
GnuGnutls Version2.3.6
GnuGnutls Version2.3.7
GnuGnutls Version2.3.8
GnuGnutls Version2.3.9
GnuGnutls Version2.3.10
GnuGnutls Version2.3.11
GnuGnutls Version2.4.0
GnuGnutls Version2.4.1
GnuGnutls Version2.4.2
GnuGnutls Version2.4.3
GnuGnutls Version2.5.0
GnuGnutls Version2.6.0
GnuGnutls Version2.6.1
GnuGnutls Version2.6.2
GnuGnutls Version2.6.3
GnuGnutls Version2.6.4
GnuGnutls Version2.6.5
GnuGnutls Version2.6.6
GnuGnutls Version2.7.4
GnuGnutls Version2.8.0
GnuGnutls Version2.8.1
GnuGnutls Version2.8.2
GnuGnutls Version2.8.3
GnuGnutls Version2.8.4
GnuGnutls Version2.8.5
GnuGnutls Version2.8.6
GnuGnutls Version2.10.0
GnuGnutls Version2.10.1
GnuGnutls Version2.10.2
GnuGnutls Version2.10.3
GnuGnutls Version2.10.4
GnuGnutls Version2.10.5
GnuGnutls Version2.12.0
GnuGnutls Version2.12.1
GnuGnutls Version2.12.2
GnuGnutls Version2.12.3
GnuGnutls Version2.12.4
GnuGnutls Version2.12.5
GnuGnutls Version2.12.6
GnuGnutls Version2.12.6.1
GnuGnutls Version2.12.7
GnuGnutls Version2.12.8
GnuGnutls Version2.12.9
GnuGnutls Version2.12.10
GnuGnutls Version2.12.11
GnuGnutls Version2.12.12
GnuGnutls Version2.12.13
GnuGnutls Version2.12.14
GnuGnutls Version2.12.15
GnuGnutls Version2.12.16
GnuGnutls Version2.12.17
GnuGnutls Version2.12.18
GnuGnutls Version2.12.19
GnuGnutls Version2.12.20
GnuGnutls Version2.12.21
GnuGnutls Version2.12.22
GnuGnutls Version3.0
GnuGnutls Version3.0.0
GnuGnutls Version3.0.1
GnuGnutls Version3.0.2
GnuGnutls Version3.0.3
GnuGnutls Version3.0.4
GnuGnutls Version3.0.5
GnuGnutls Version3.0.6
GnuGnutls Version3.0.7
GnuGnutls Version3.0.8
GnuGnutls Version3.0.9
GnuGnutls Version3.0.10
GnuGnutls Version3.0.11
GnuGnutls Version3.0.12
GnuGnutls Version3.0.13
GnuGnutls Version3.0.14
GnuGnutls Version3.0.15
GnuGnutls Version3.0.16
GnuGnutls Version3.0.17
GnuGnutls Version3.0.18
GnuGnutls Version3.0.19
GnuGnutls Version3.0.20
GnuGnutls Version3.0.21
GnuGnutls Version3.0.22
GnuGnutls Version3.0.23
GnuGnutls Version3.0.24
GnuGnutls Version3.0.25
GnuGnutls Version3.0.26
GnuGnutls Version3.0.27
GnuGnutls Version3.1.0
GnuGnutls Version3.1.1
GnuGnutls Version3.1.2
GnuGnutls Version3.1.3
GnuGnutls Version3.1.4
GnuGnutls Version3.1.5
GnuGnutls Version3.1.6
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 0.85% 0.741
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4 4.9 4.9
AV:N/AC:H/Au:N/C:P/I:P/A:N