CVE-2013-1624

EPSS 0.53%
Published 08.02.2013 19:55:01
Last modified 12.05.2025 17:37:16
Source cve@mitre.org
Teams watchlist Login
Open Login

The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Affected products Warnungen 0 Metrics 2 CWE 0 References 9

Data is provided by the National Vulnerability Database (NVD)

Bouncycastle ≫ Bc-java Version1.01

Bouncycastle ≫ Bc-java Version1.02

Bouncycastle ≫ Bc-java Version1.03

Bouncycastle ≫ Bc-java Version1.04

Bouncycastle ≫ Bc-java Version1.05

Bouncycastle ≫ Bc-java Version1.06

Bouncycastle ≫ Bc-java Version1.07

Bouncycastle ≫ Bc-java Version1.08

Bouncycastle ≫ Bc-java Version1.09

Bouncycastle ≫ Bc-java Version1.10

Bouncycastle ≫ Bc-java Version1.11

Bouncycastle ≫ Bc-java Version1.12

Bouncycastle ≫ Bc-java Version1.13

Bouncycastle ≫ Bc-java Version1.14

Bouncycastle ≫ Bc-java Version1.15

Bouncycastle ≫ Bc-java Version1.16

Bouncycastle ≫ Bc-java Version1.17

Bouncycastle ≫ Bc-java Version1.18

Bouncycastle ≫ Bc-java Version1.19

Bouncycastle ≫ Bc-java Version1.20

Bouncycastle ≫ Bc-java Version1.21

Bouncycastle ≫ Bc-java Version1.22

Bouncycastle ≫ Bc-java Version1.23

Bouncycastle ≫ Bc-java Version1.24

Bouncycastle ≫ Bc-java Version1.25

Bouncycastle ≫ Bc-java Version1.26

Bouncycastle ≫ Bc-java Version1.27

Bouncycastle ≫ Bc-java Version1.28

Bouncycastle ≫ Bc-java Version1.29

Bouncycastle ≫ Bc-java Version1.30

Bouncycastle ≫ Bc-java Version1.31

Bouncycastle ≫ Bc-java Version1.32

Bouncycastle ≫ Bc-java Version1.33

Bouncycastle ≫ Bc-java Version1.34

Bouncycastle ≫ Bc-java Version1.35

Bouncycastle ≫ Bc-java Version1.36

Bouncycastle ≫ Bc-java Version1.37

Bouncycastle ≫ Bc-java Version1.38

Bouncycastle ≫ Bc-java Version1.39

Bouncycastle ≫ Bc-java Version1.40

Bouncycastle ≫ Bc-java Version1.41

Bouncycastle ≫ Bc-java Version1.42

Bouncycastle ≫ Bc-java Version1.43

Bouncycastle ≫ Bc-java Version1.44

Bouncycastle ≫ Bc-java Version1.45

Bouncycastle ≫ Bc-java Version1.46

Bouncycastle ≫ Bc-java Version1.47

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.53%	0.647

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	4	4.9	4.9	AV:N/AC:H/Au:N/C:P/I:P/A:N

http://rhn.redhat.com/errata/RHSA-2014-0371.html

http://rhn.redhat.com/errata/RHSA-2014-0372.html

http://secunia.com/advisories/57716

http://secunia.com/advisories/57719

http://openwall.com/lists/oss-security/2013/02/05/24

http://www.isg.rhul.ac.uk/tls/TLStiming.pdf

https://nvd.nist.gov/vuln/detail/CVE-2013-1624

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2013-1624

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2013-1624

EUVD