CVE-2013-0169

OpenSSL < 0.9.8x - Cryptographic Issue

Title source: rule

Description

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

Exploits (1)

nomisec WORKING POC 2 stars
by wearohat · poc
https://github.com/wearohat/lucky13

References (55)

Core References
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2013/02/05/24
Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html
Third Party Advisory x_refsource_confirm
http://www.matrixssl.org/news.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0587.html
Third Party Advisory vendor-advisory x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201406-32.xml
Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert
http://www.us-cert.gov/cas/techalerts/TA13-051A.html
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:095
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55139
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55322
Vendor Advisory x_refsource_confirm
http://www.openssl.org/news/secadv_20130204.txt
Third Party Advisory x_refsource_confirm
https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084
Third Party Advisory x_refsource_misc
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2622
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/57778
Third Party Advisory x_refsource_confirm
http://www-01.ibm.com/support/docview.wss?uid=swg21644047
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1455.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55351
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136396549913849&w=2
Third Party Advisory x_refsource_confirm
https://puppet.com/security/cve/cve-2013-0169
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=137545771702053&w=2
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136432043316835&w=2
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0833.html
Third Party Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1735-1
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136439120408139&w=2
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/53623
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html
Third Party Advisory, US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/737740
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2013/dsa-2621
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0783.html
Third Party Advisory vendor-advisory x_refsource_hp
http://marc.info/?l=bugtraq&m=136733161405818&w=2
Mailing List, Third Party Advisory vendor-advisory x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55108
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0782.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html
Third Party Advisory vendor-advisory x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1029190
Third Party Advisory x_refsource_confirm
http://www.splunk.com/view/SP-CAAAHXG
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-1456.html
Third Party Advisory x_refsource_confirm
http://support.apple.com/kb/HT5880
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/55350
Third Party Advisory x_refsource_confirm
https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf

Scores

EPSS 0.0084
EPSS Percentile 74.8%

Details

CWE CWE-310
Status published
Products (5)
openssl/openssl 0.9.8 - 0.9.8x
oracle/openjdk 1.6.0 (35 CPE variants)
oracle/openjdk 1.7.0 (12 CPE variants)
polarssl/polarssl 0.10.0
polarssl/polarssl 0.10.1
Published Feb 08, 2013
Tracked Since Feb 18, 2026