2013-02-08 20:55:01 2019-10-10 01:06:34

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

Vector: NETWORK
Complexity: HIGH
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

PolarSSL 1.1.1, PolarSSL 1.1.0 release candidate 1, PolarSSL 1.1.0 release candidate 0, PolarSSL 1.1.0, PolarSSL 1.0.0, PolarSSL 0.99-pre5, PolarSSL 0.99-pre4, PolarSSL 0.99-pre3, PolarSSL 0.99-pre1, PolarSSL 0.14.3, PolarSSL 0.14.2, PolarSSL 0.14.0, PolarSSL 0.13.1, PolarSSL 0.12.1, PolarSSL 0.12.0, PolarSSL 0.11.1, PolarSSL 0.11.0, PolarSSL 0.10.1, PolarSSL 0.10.0

Oracle OpenJDK 1.8.0 (8), Oracle OpenJDK 1.6.0 (6), Oracle OpenJDK 1.7.0 (7), Oracle Openjdk - (not an official CPE)

OpenSSL Project OpenSSL 1.0.1d, OpenSSL Project OpenSSL 1.0.1c, OpenSSL Project OpenSSL 1.0.1b, OpenSSL Project OpenSSL 1.0.1a, OpenSSL Project OpenSSL 1.0.1 Beta2, OpenSSL Project OpenSSL 1.0.1 Beta3, OpenSSL Project OpenSSL 1.0.1 Beta1, OpenSSL Project OpenSSL 1.0.1

OpenSSL Project OpenSSL 1.0.0j, OpenSSL Project OpenSSL 1.0.0i, OpenSSL Project OpenSSL 1.0.0h, OpenSSL Project OpenSSL 1.0.0g, OpenSSL Project OpenSSL 1.0.0f, OpenSSL Project OpenSSL 1.0.0e, OpenSSL Project OpenSSL 1.0.0d, OpenSSL Project OpenSSL 1.0.0c, OpenSSL Project OpenSSL 1.0.0b, OpenSSL Project OpenSSL 1.0.0a, OpenSSL Project OpenSSL 1.0.0 Beta3, OpenSSL Project OpenSSL 1.0.0 Beta4, OpenSSL Project OpenSSL 1.0.0 Beta5, OpenSSL Project OpenSSL 1.0.0 Beta2, OpenSSL Project OpenSSL 1.0.0 Beta1, OpenSSL Project OpenSSL 1.0.0

OpenSSL Project OpenSSL 0.9.8x, OpenSSL Project OpenSSL 0.9.8w, OpenSSL Project OpenSSL 0.9.8v, OpenSSL Project OpenSSL 0.9.8u, OpenSSL Project OpenSSL 0.9.8t, OpenSSL Project OpenSSL 0.9.8s, OpenSSL Project OpenSSL 0.9.8r, OpenSSL Project OpenSSL 0.9.8q, OpenSSL Project OpenSSL 0.9.8p, OpenSSL Project OpenSSL 0.9.8o, OpenSSL Project OpenSSL 0.9.8n, OpenSSL Project OpenSSL 0.9.8m Beta1, OpenSSL Project OpenSSL 0.9.8m, OpenSSL Project OpenSSL 0.9.8l, OpenSSL Project OpenSSL 0.9.8k, OpenSSL Project OpenSSL 0.9.8j, OpenSSL Project OpenSSL 0.9.8i, OpenSSL Project OpenSSL 0.9.8h, OpenSSL Project OpenSSL 0.9.8g, OpenSSL Project OpenSSL 0.9.8f, OpenSSL Project OpenSSL 0.9.8e, OpenSSL Project OpenSSL 0.9.8d, OpenSSL Project OpenSSL 0.9.8c, OpenSSL Project OpenSSL 0.9.8b, OpenSSL Project OpenSSL 0.9.8a

Openssl Openssl 0.9.8 Beta6 (not an official CPE), Openssl Openssl 0.9.8 Beta5 (not an official CPE), Openssl Openssl 0.9.8 Beta4 (not an official CPE), Openssl Openssl 0.9.8 Beta3 (not an official CPE), Openssl Openssl 0.9.8 Beta2 (not an official CPE), Openssl Openssl 0.9.8 Beta1 (not an official CPE), OpenSSL Project OpenSSL 0.9.8

PolarSSL 1.1.2, PolarSSL 1.1.3, PolarSSL 1.1.4