4.3

CVE-2013-1623

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)
YasslCyassl Version <= 2.4.6
YasslCyassl Version0.2.0
YasslCyassl Version0.3.0
YasslCyassl Version0.4.0
YasslCyassl Version0.5.0
YasslCyassl Version0.5.5
YasslCyassl Version0.6.0
YasslCyassl Version0.6.2
YasslCyassl Version0.6.3
YasslCyassl Version0.8.0
YasslCyassl Version0.9.0
YasslCyassl Version0.9.6
YasslCyassl Version0.9.8
YasslCyassl Version0.9.9
YasslCyassl Version1.0.0 Updaterc1
YasslCyassl Version1.0.0 Updaterc2
YasslCyassl Version1.0.0 Updaterc3
YasslCyassl Version1.0.2
YasslCyassl Version1.0.3
YasslCyassl Version1.0.6
YasslCyassl Version1.1.0
YasslCyassl Version1.2.0
YasslCyassl Version1.3.0
YasslCyassl Version1.4.0
YasslCyassl Version1.5.0
YasslCyassl Version1.5.4
YasslCyassl Version1.5.6
YasslCyassl Version1.6.0
YasslCyassl Version1.6.5
YasslCyassl Version1.8.0
YasslCyassl Version1.9.0
YasslCyassl Version2.0.0 Updaterc1
YasslCyassl Version2.0.0 Updaterc2
YasslCyassl Version2.0.0 Updaterc3
YasslCyassl Version2.0.2
YasslCyassl Version2.0.6
YasslCyassl Version2.0.8
YasslCyassl Version2.2.0
YasslCyassl Version2.3.0
YasslCyassl Version2.4.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.94% 0.74
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:P/I:N/A:N