The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
History
12 May 2023, 12:58
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:oracle:openjdk:1.8.0:*:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:-:*:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.7.0:*:*:*:*:*:*:* |
cpe:2.3:a:oracle:openjdk:1.7.0:update7:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.7.0:update6:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update21:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.7.0:update9:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update20:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update11:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update2:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update24:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update22:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.7.0:update1:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update19:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update15:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update7:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update37:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.7.0:update13:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update34:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update6:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update14:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update17:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update38:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update25:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update13:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update26:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update27:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.7.0:update4:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.7.0:update10:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update16:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update32:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update1:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.7.0:update3:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update29:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.7.0:update11:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update10:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.7.0:-:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.7.0:update5:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update3:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update35:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update18:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update31:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update23:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:-:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update30:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update4:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.7.0:update2:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update5:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update12:*:*:*:*:*:* cpe:2.3:a:oracle:openjdk:1.6.0:update33:*:*:*:*:*:* |
Information
Published : 2013-02-08 19:55
Updated : 2023-12-10 11:16
NVD link : CVE-2013-0169
Mitre link : CVE-2013-0169
CVE.ORG link : CVE-2013-0169
JSON object : View
Products Affected
openssl
- openssl
oracle
- openjdk
polarssl
- polarssl
CWE
CWE-310
Cryptographic Issues