CVE-2013-0169

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Severity: UNKNOWN
Vector: AV:N/AC:H/Au:N/C:P/I:N/A:N
Atk. Vector: NETWORK
Atk. Complexity: HIGH
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
| Vendor | Product | Version |
|---|---|---|
| openssl | openssl | 0.9.8 ≤ 𝑥 ≤ 0.9.8x |
| openssl | openssl | 1.0.0 ≤ 𝑥 ≤ 1.0.0j |
| openssl | openssl | 1.0.1 ≤ 𝑥 ≤ 1.0.1d |
| oracle | openjdk | 1.6.0 |
| oracle | openjdk | 1.7.0 |
| polarssl | polarssl | 0.10.0 |
| polarssl | polarssl | 0.10.1 |
| polarssl | polarssl | 0.11.0 |
| polarssl | polarssl | 0.11.1 |
| polarssl | polarssl | 0.12.0 |
| polarssl | polarssl | 0.12.1 |
| polarssl | polarssl | 0.13.1 |
| polarssl | polarssl | 0.14.0 |
| polarssl | polarssl | 0.14.2 |
| polarssl | polarssl | 0.14.3 |
| polarssl | polarssl | 0.99 |
| polarssl | polarssl | 1.0.0 |
| polarssl | polarssl | 1.1.0 |
| polarssl | polarssl | 1.1.1 |
| polarssl | polarssl | 1.1.2 |
| polarssl | polarssl | 1.1.3 |
| polarssl | polarssl | 1.1.4 |

𝑥 = Vulnerable software versions
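Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| bouncycastle | bullseye | 1.68-2 | fixed |
| bouncycastle | wheezy | | no-dsa |
| bouncycastle | squeeze | | no-dsa |
| bouncycastle | bookworm | 1.72-2 | fixed |
| bouncycastle | sid | 1.77-1 | fixed |
| bouncycastle | trixie | 1.77-1 | fixed |
| gnutls28 | bullseye | 3.7.1-5+deb11u5 | fixed |
| gnutls28 | wheezy | | no-dsa |
| gnutls28 | squeeze | | no-dsa |
| gnutls28 | bullseye (security) | 3.7.1-5+deb11u6 | fixed |
| gnutls28 | bookworm | 3.7.9-2+deb12u3 | fixed |
| gnutls28 | sid | 3.8.6-2 | fixed |
| gnutls28 | trixie | 3.8.6-2 | fixed |
| nss | bullseye | 2:3.61-1+deb11u3 | fixed |
| nss | wheezy | | no-dsa |
| nss | squeeze | | no-dsa |
| nss | bullseye (security) | 2:3.61-1+deb11u4 | fixed |
| nss | bookworm | 2:3.87.1-1 | fixed |
| nss | sid | 2:3.105-2 | fixed |
| nss | trixie | 2:3.105-2 | fixed |
| openssl | bullseye | 1.1.1w-0+deb11u1 | fixed |
| openssl | wheezy | | no-dsa |
| openssl | squeeze | | no-dsa |
| openssl | bullseye (security) | 1.1.1w-0+deb11u2 | fixed |
| openssl | bookworm | 3.0.14-1~deb12u1 | fixed |
| openssl | bookworm (security) | 3.0.14-1~deb12u2 | fixed |
| openssl | sid | 3.3.2-2 | fixed |
| openssl | trixie | 3.3.2-2 | fixed |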
Ubuntu Releases

| Ubuntu Product | Codename | Version | Status |
|---|---|---|---|
| openjdk-6 | trusty | Fixed 6b27-1.12.3-1ubuntu1 | released |
| openjdk-6 | saucy | Fixed 6b27-1.12.3-1ubuntu1 | released |
| openjdk-6 | raring | Fixed 6b27-1.12.3-1ubuntu1 | released |
| openjdk-6 | quantal | Fixed 6b27-1.12.3-0ubuntu1~12.10 | released |
| openjdk-6 | precise | Fixed 6b27-1.12.3-0ubuntu1~12.04 | released |
| openjdk-6 | oneiric | Fixed 6b27-1.12.3-0ubuntu1~11.10 | released |
| openjdk-6 | lucid | Fixed 6b27-1.12.3-0ubuntu1~10.04 | released |
| openjdk-6 | hardy | Fixed 6b27-1.12.3-0ubuntu1~08.04.1 | released |
| openjdk-7 | trusty | Fixed 7u15-2.3.7-1ubuntu1 | released |
| openjdk-7 | saucy | Fixed 7u15-2.3.7-1ubuntu1 | released |
| openjdk-7 | raring | Fixed 7u15-2.3.7-1ubuntu1 | released |
| openjdk-7 | quantal | Fixed 7u15-2.3.7-0ubuntu1~12.10 | released |
| openjdk-7 | precise | Fixed 7u15-2.3.7-0ubuntu1~12.04 | released |
| openjdk-7 | oneiric | Fixed 7u15-2.3.7-0ubuntu1~11.10 | released |
| openjdk-7 | lucid | | dne |
| openjdk-7 | hardy | | dne |
| openssl | trusty | Fixed 1.0.1c-4ubuntu8 | released |
| openssl | saucy | Fixed 1.0.1c-4ubuntu8 | released |
| openssl | raring | Fixed 1.0.1c-4ubuntu8 | released |
| openssl | quantal | Fixed 1.0.1c-3ubuntu2.3 | released |
| openssl | precise | Fixed 1.0.1-4ubuntu5.8 | released |
| openssl | oneiric | Fixed 1.0.0e-2ubuntu4.7 | released |
| openssl | lucid | Fixed 0.9.8k-7ubuntu8.14 | released |
| openssl | hardy | Fixed 0.9.8g-4ubuntu3.20 | released |
| openssl098 | trusty | Fixed 0.9.8o-7ubuntu3.2.14.04.1 | released |
| openssl098 | saucy | Fixed 0.9.8o-7ubuntu3.2.13.10.1 | released |
| openssl098 | raring | | ignored |
| openssl098 | quantal | | ignored |
| openssl098 | precise | Fixed 0.9.8o-7ubuntu3.2 | released |
| openssl098 | oneiric | | ignored |
| openssl098 | lucid | | dne |
| openssl098 | hardy | | dne |