CVE-2013-0169


Severity : Low
Published : 2013-02-08
Modified : 2014-03-16
Base Score : 2.6
Details : The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Product/Version :  
Per http://www.openssl.org/news/vulnerabilities.html:  
Fixed in OpenSSL 1.0.1d (Affected 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1)  
Fixed in OpenSSL 1.0.0k (Affected 1.0.0j, 1.0.0i, 1.0.0g, 1.0.0f, 1.0.0e, 1.0.0d, 1.0.0c, 1.0.0b, 1.0.0a, 1.0.0)  
Fixed in OpenSSL 0.9.8y (Affected 0.9.8x, 0.9.8w, 0.9.8v, 0.9.8u, 0.9.8t, 0.9.8s, 0.9.8r, 0.9.8q, 0.9.8p, 0.9.8o, 0.9.8n, 0.9.8m, 0.9.8l, 0.9.8k, 0.9.8j, 0.9.8i, 0.9.8h, 0.9.8g, 0.9.8f, 0.9.8d, 0.9.8c, 0.9.8b, 0.9.8a, 0.9.8)  
 
 
Pro 5.0  
Mobilinux 5.0.24  
MVL 5 Atom  
Pro 5.0.24  
MVL 5 OMAP3  
MVL 5 OMAP3530  
Pro 5.0  
CGE 5.x  
Mobilinux 5.x  
Mobilinux 5.0.24  
MVL 5 Atom  
Pro 5.0.24  
MVL 5 OMAP3  
MVL 5 OMAP3530  
CGE 5.x  
Mobilinux 5.x  
Pro 5.0  
CGE 5.x  
Mobilinux 5.x  
Mobilinux 5.0.24  
MVL 5 Atom  
Pro 5.0.24  
MVL 5 OMAP3  
MVL 5 OMAP3530  
Carrier Grade CGE 6.0  
Carrier Grade CGE 6.0  
 
 
 


CVE Vulnerabilities List CVE-2013
CVE-2013-6383CVE-2013-5211CVE-2013-4788CVE-2013-4588
CVE-2013-4548CVE-2013-4512CVE-2013-4470CVE-2013-4458
CVE-2013-4387CVE-2013-4342CVE-2013-4332CVE-2013-4237
CVE-2013-4162CVE-2013-3235CVE-2013-3229CVE-2013-3224
CVE-2013-3222CVE-2013-2893CVE-2013-2892CVE-2013-2889
CVE-2013-2888CVE-2013-2851CVE-2013-2777CVE-2013-2237
CVE-2013-2234CVE-2013-2232CVE-2013-2206CVE-2013-2164
CVE-2013-2147CVE-2013-2141CVE-2013-2128CVE-2013-2116
CVE-2013-2066CVE-2013-2063CVE-2013-2062CVE-2013-2005
CVE-2013-2004CVE-2013-2003CVE-2013-2002CVE-2013-2001
CVE-2013-1998CVE-2013-1997CVE-2013-1996CVE-2013-1995
CVE-2013-1992CVE-2013-1991CVE-2013-1990CVE-2013-1989
CVE-2013-1988CVE-2013-1987CVE-2013-1986CVE-2013-1985
CVE-2013-1984CVE-2013-1983CVE-2013-1982CVE-2013-1981
CVE-2013-1961CVE-2013-1960CVE-2013-1944CVE-2013-1943
CVE-2013-1928CVE-2013-1914CVE-2013-1862CVE-2013-1860
CVE-2013-1827CVE-2013-1796CVE-2013-1776CVE-2013-1775
CVE-2013-1774CVE-2013-1619CVE-2013-0914CVE-2013-0871
CVE-2013-0349CVE-2013-0343CVE-2013-0338CVE-2013-0310
CVE-2013-0309CVE-2013-0292CVE-2013-0268CVE-2013-0242
CVE-2013-0223CVE-2013-0222CVE-2013-0221CVE-2013-0189
CVE-2013-0169CVE-2013-0166