Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4
CVSSv2

CVE-2013-1619

Published: 08/02/2013 Updated: 26/03/2014
CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9
VMScore: 356
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N
Subscribe to Gnu

Vulnerability Summary

The TLS implementation in GnuTLS prior to 2.12.23, 3.0.x prior to 3.0.28, and 3.1.x prior to 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote malicious users to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

gnu gnutls 2.12.2

gnu gnutls 2.12.3

gnu gnutls 2.6.4

gnu gnutls 2.6.5

gnu gnutls 2.6.1

gnu gnutls 2.12.17

gnu gnutls 2.12.9

gnu gnutls 2.12.10

gnu gnutls 2.8.4

gnu gnutls 2.8.5

gnu gnutls 2.10.5

gnu gnutls 2.12.4

gnu gnutls 2.12.5

gnu gnutls 2.4.2

gnu gnutls 2.4.1

gnu gnutls 2.7.4

gnu gnutls 2.12.15

gnu gnutls 2.3.11

gnu gnutls 2.12.11

gnu gnutls 2.12.12

gnu gnutls 2.8.6

gnu gnutls 2.10.0

gnu gnutls 2.2.0

gnu gnutls 2.12.14

gnu gnutls 2.0.0

gnu gnutls 2.0.1

gnu gnutls 2.1.5

gnu gnutls 2.1.4

gnu gnutls 2.3.3

gnu gnutls 2.3.10

gnu gnutls 2.12.20

gnu gnutls 2.12.19

gnu gnutls 2.5.0

gnu gnutls 2.6.0

gnu gnutls 2.4.0

gnu gnutls 2.6.6

gnu gnutls 2.8.0

gnu gnutls 2.12.6.1

gnu gnutls 2.12.6

gnu gnutls 2.12.13

gnu gnutls 2.4.3

gnu gnutls 2.10.1

gnu gnutls 2.10.2

gnu gnutls 2.0.4

gnu gnutls 2.2.5

gnu gnutls 2.1.2

gnu gnutls 2.1.3

gnu gnutls 2.3.2

gnu gnutls 2.3.1

gnu gnutls 2.3.9

gnu gnutls 2.3.8

gnu gnutls 2.2.2

gnu gnutls 2.2.1

gnu gnutls 2.0.2

gnu gnutls 2.0.3

gnu gnutls 2.1.7

gnu gnutls 2.1.6

gnu gnutls 2.3.5

gnu gnutls 2.3.4

gnu gnutls 2.12.22

gnu gnutls 2.12.21

gnu gnutls 2.12.0

gnu gnutls 2.12.1

gnu gnutls 2.6.2

gnu gnutls 2.6.3

gnu gnutls 2.8.1

gnu gnutls 2.12.16

gnu gnutls 2.12.7

gnu gnutls 2.12.8

gnu gnutls 2.8.2

gnu gnutls 2.8.3

gnu gnutls 2.10.3

gnu gnutls 2.10.4

gnu gnutls 2.2.4

gnu gnutls 2.2.3

gnu gnutls 2.1.0

gnu gnutls 2.1.1

gnu gnutls 2.3.0

gnu gnutls 2.1.8

gnu gnutls 2.3.6

gnu gnutls 2.3.7

gnu gnutls 2.12.18

gnu gnutls 3.0.16

gnu gnutls 3.0.0

gnu gnutls 3.0.9

gnu gnutls 3.0.8

gnu gnutls 3.0.21

gnu gnutls 3.0.22

gnu gnutls 3.0.14

gnu gnutls 3.0.1

gnu gnutls 3.0.2

gnu gnutls 3.0.3

gnu gnutls 3.0.7

gnu gnutls 3.0.10

gnu gnutls 3.0.23

gnu gnutls 3.0.24

gnu gnutls 3.0.11

gnu gnutls 3.0.15

gnu gnutls 3.0.6

gnu gnutls 3.0

gnu gnutls 3.0.19

gnu gnutls 3.0.20

gnu gnutls 3.0.27

gnu gnutls 3.0.12

gnu gnutls 3.0.13

gnu gnutls 3.0.4

gnu gnutls 3.0.5

gnu gnutls 3.0.17

gnu gnutls 3.0.18

gnu gnutls 3.0.25

gnu gnutls 3.0.26

gnu gnutls 3.1.0

gnu gnutls 3.1.1

gnu gnutls 3.1.2

gnu gnutls 3.1.3

gnu gnutls 3.1.4

gnu gnutls 3.1.5

gnu gnutls 3.1.6

Vendor Advisories

Ubuntu Security Notice: gnutls13, gnutls26 vulnerability
GnuTLS could be made to expose sensitive information over the network ...
Red Hat: Moderate: gnutls security update
Synopsis Moderate: gnutls security update Type/Severity Security Advisory: Moderate Topic Updated gnutls packages that fix one security issue are now available forRed Hat Enterprise Linux 5 and 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact A Common Vulnerabili ...
Red Hat: Important: rhev-hypervisor6 security and bug fix update
Synopsis Important: rhev-hypervisor6 security and bug fix update Type/Severity Security Advisory: Important Topic An updated rhev-hypervisor6 package that fixes several security issues andvarious bugs is now availableThe Red Hat Security Response Team has rated this update as havingimportant security impac ...
Amazon Linux AMI: ALAS-2013-197
It was discovered that the fix for the CVE-2013-1619 issue introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS (CVE-2013-2116) ...
Amazon Linux AMI: ALAS-2013-172
It was discovered that GnuTLS leaked timing information when decrypting TLS/SSL protocol encrypted records when CBC-mode cipher suites were used A remote attacker could possibly use this flaw to retrieve plain text from the encrypted packets by using a TLS/SSL server as a padding oracle (CVE-2013-1619) ...

References

CWE-310http://www.isg.rhul.ac.uk/tls/TLStiming.pdfhttps://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0http://openwall.com/lists/oss-security/2013/02/05/24https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.htmlhttp://www.gnutls.org/security.html#GNUTLS-SA-2013-1http://www.ubuntu.com/usn/USN-1752-1http://rhn.redhat.com/errata/RHSA-2013-0588.htmlhttp://lists.opensuse.org/opensuse-updates/2013-05/msg00023.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.htmlhttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.htmlhttp://secunia.com/advisories/57274http://secunia.com/advisories/57260https://usn.ubuntu.com/1752-1/https://nvd.nist.gov
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48654CVE-2024-2757authentication bypassCVE-2024-3194CVE-2024-33640CVE-2024-21111dosinsecure direct object referenceCVE-2024-21345
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook