CVE-2013-1623

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Severity: UNKNOWN
AV:N/AC:M/Au:N/C:P/I:N/A:N
Atk. Vector: NETWORK
Atk. Complexity: MEDIUM
Base Score
CVSS 3.x
EPSS Score
Percentile: 70%
Vendor   Product   Version
yassl    cyassl    ≤ 2.4.6  𝑥
yassl    cyassl    0.2.0
yassl    cyassl    0.3.0
yassl    cyassl    0.4.0
yassl    cyassl    0.5.0
yassl    cyassl    0.5.5
yassl    cyassl    0.6.0
yassl    cyassl    0.6.2
yassl    cyassl    0.6.3
yassl    cyassl    0.8.0
yassl    cyassl    0.9.0
yassl    cyassl    0.9.6
yassl    cyassl    0.9.8
yassl    cyassl    0.9.9
yassl    cyassl    1.0.0
yassl    cyassl    1.0.0
yassl    cyassl    1.0.0
yassl    cyassl    1.0.2
yassl    cyassl    1.0.3
yassl    cyassl    1.0.6
yassl    cyassl    1.1.0
yassl    cyassl    1.2.0
yassl    cyassl    1.3.0
yassl    cyassl    1.4.0
yassl    cyassl    1.5.0
yassl    cyassl    1.5.4
yassl    cyassl    1.5.6
yassl    cyassl    1.6.0
yassl    cyassl    1.6.5
yassl    cyassl    1.8.0
yassl    cyassl    1.9.0
yassl    cyassl    2.0.0
yassl    cyassl    2.0.0
yassl    cyassl    2.0.0
yassl    cyassl    2.0.2
yassl    cyassl    2.0.6
yassl    cyassl    2.0.8
yassl    cyassl    2.2.0
yassl    cyassl    2.3.0
yassl    cyassl    2.4.0

𝑥 = Vulnerable software versions
Ubuntu Releases

Ubuntu Product    Codename   Status
mysql-5.1         raring     dne
mysql-5.1         quantal    dne
mysql-5.1         precise    dne
mysql-5.1         oneiric    Fixed 5.1.69-0ubuntu0.11.10.1 (released)
mysql-5.1         lucid      dne
mysql-5.1         hardy      dne
mysql-5.5         raring     Fixed 5.5.31-0ubuntu0.13.04.1 (released)
mysql-5.5         quantal    Fixed 5.5.31-0ubuntu0.12.10.1 (released)
mysql-5.5         precise    Fixed 5.5.31-0ubuntu0.12.04.1 (released)
mysql-5.5         oneiric    dne
mysql-5.5         lucid      dne
mysql-5.5         hardy      dne
mysql-dfsg-5.1    raring     dne
mysql-dfsg-5.1    quantal    dne
mysql-dfsg-5.1    precise    dne
mysql-dfsg-5.1    oneiric    dne
mysql-dfsg-5.1    lucid      Fixed 5.1.69-0ubuntu0.10.04.1 (released)
mysql-dfsg-5.1    hardy      dne
Common Weakness Enumeration