CVE-2013-1624

Published: 08/02/2013 Updated: 30/10/2018
CVSS v2 Base Score: 4 | Impact Score: 4.9 | Exploitability Score: 4.9
VMScore: 356
Vector: AV:N/AC:H/Au:N/C:P/I:P/A:N

Vulnerability Summary

The TLS implementation in the Bouncy Castle Java library prior to 1.48 and C# library prior to 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote malicious users to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Vulnerable Product

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.12

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.11

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.20

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.17

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.04

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.03

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.08

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.07

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.06

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.16

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.13

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.23

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.24

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.32

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.31

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.43

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.44

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.02

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.01

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.05

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.19

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.14

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.27

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.21

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.22

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.37

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.38

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.45

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.46

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.30

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.28

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.34

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.33

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.39

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.40

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.47

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.10

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.09

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.18

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.15

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.25

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.26

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.36

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.35

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.29

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.41

bouncycastle legion-of-the-bouncy-castle-java-crytography-api 1.42

bouncycastle legion-of-the-bouncy-castle-c\\#-cryptography-api 1.1

bouncycastle legion-of-the-bouncy-castle-c\\#-cryptography-api 1.2

bouncycastle legion-of-the-bouncy-castle-c\\#-cryptography-api 1.3

bouncycastle legion-of-the-bouncy-castle-c\\#-cryptography-api 1.4

bouncycastle legion-of-the-bouncy-castle-c\\#-cryptography-api 1.5

bouncycastle legion-of-the-bouncy-castle-c\\#-cryptography-api 1.7

bouncycastle legion-of-the-bouncy-castle-c\\#-cryptography-api 1.6.1

bouncycastle legion-of-the-bouncy-castle-c\\#-cryptography-api 0.0

bouncycastle legion-of-the-bouncy-castle-c\\#-cryptography-api 1.0

Vendor Advisories

Debian Bug report logs - #699885
TLS timing attack in bouncycastle (Lucky 13)
Package: bouncycastle; Maintainer for bouncycastle is Debian Java Maintainers <pkg-java-maintainers@lists.alioth.debian.org>
Reported by: Thijs Kinkhorst <thijs@debian.org>
Date: Wed, 6 Feb 2013 10:48:02 UTC
Severity: serious
Tags: securi ...