CVE-2013-1624

The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
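
| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 4 UNKNOWN | NETWORK | HIGH | | AV:N/AC:H/Au:N/C:P/I:P/A:N |
| mitre | CNA | --- | | | | --- |
| CVE | ADP | --- | | | | --- |
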
EPSS Score percentile: 66%

| Vendor | Product | Vulnerable software versions |
|---|---|---|
| bouncycastle | bc-java | 1.01, 1.02, 1.03, 1.04, 1.05, 1.06, 1.07, 1.08, 1.09, 1.10, 1.11, 1.12, 1.13, 1.14, 1.15, 1.16, 1.17, 1.18, 1.19, 1.20, 1.21, 1.22, 1.23, 1.24, 1.25, 1.26, 1.27, 1.28, 1.29, 1.30, 1.31, 1.32, 1.33, 1.34, 1.35, 1.36, 1.37, 1.38, 1.39, 1.40, 1.41, 1.42, 1.43, 1.44, 1.45, 1.46, 1.47 |
| bouncycastle | legion-of-the-bouncy-castle-c\#-cryptography-api | 0.0, 1.0, 1.1, 1.2, 1.3, 1.4, 1.5, 1.6.1, 1.7 |

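Debian Releases

| Debian Product | Codename | Version | Status |
|---|---|---|---|
| bouncycastle | bullseye | 1.68-2 | fixed |
| bouncycastle | squeeze | | no-dsa |
| bouncycastle | wheezy | | no-dsa |
| bouncycastle | bookworm | 1.72-2 | fixed |
| bouncycastle | sid | 1.77-1 | fixed |
| bouncycastle | trixie | 1.77-1 | fixed |
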
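Ubuntu Releases

| Ubuntu Product | Codename | Status |
|---|---|---|
| bouncycastle | zesty | not-affected |
| bouncycastle | yakkety | not-affected |
| bouncycastle | xenial | not-affected |
| bouncycastle | wily | not-affected |
| bouncycastle | vivid | not-affected |
| bouncycastle | utopic | not-affected |
| bouncycastle | trusty | dne |
| bouncycastle | saucy | not-affected |
| bouncycastle | raring | ignored |
| bouncycastle | quantal | ignored |
| bouncycastle | precise | ignored |
| bouncycastle | oneiric | ignored |
| bouncycastle | lucid | ignored |
| bouncycastle | hardy | ignored |
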
Common Weakness Enumeration