2013-02-08 20:55:01 2014-02-21 05:58:17

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: NONE

Yassl Cyassl 0.9.8 (not an official CPE)
Yassl Cyassl 2.3.0 (not an official CPE)
Yassl Cyassl 2.0.0 Rc1 (not an official CPE)
Yassl Cyassl 2.0.0 Rc2 (not an official CPE)
Yassl Cyassl 2.0.0 Rc3 (not an official CPE)
Yassl Cyassl 2.0.2 (not an official CPE)
Yassl Cyassl 2.0.6 (not an official CPE)
Yassl Cyassl 2.0.8 (not an official CPE)
Yassl Cyassl 0.9.0 (not an official CPE)
Yassl Cyassl 2.2.0 (not an official CPE)
Yassl Cyassl 1.9.0 (not an official CPE)
Yassl Cyassl 1.5.6 (not an official CPE)
Yassl Cyassl 1.0.0 Rc3 (not an official CPE)
Yassl Cyassl 1.0.2 (not an official CPE)
Yassl Cyassl 1.0.3 (not an official CPE)
Yassl Cyassl 1.5.4 (not an official CPE)
Yassl Cyassl 1.0.0 Rc1 (not an official CPE)
Yassl Cyassl 1.6.0 (not an official CPE)
Yassl Cyassl 0.6.3 (not an official CPE)
Yassl Cyassl 1.0.6 (not an official CPE)
Yassl Cyassl 1.1.0 (not an official CPE)
Yassl Cyassl 0.6.2 (not an official CPE)
Yassl Cyassl 0.4.0 (not an official CPE)
Yassl Cyassl 1.0.0 Rc2 (not an official CPE)
Yassl Cyassl 0.6.0 (not an official CPE)
Yassl Cyassl 0.5.5 (not an official CPE)
Yassl Cyassl 1.6.5 (not an official CPE)
Yassl Cyassl 0.5.0 (not an official CPE)
Yassl Cyassl 1.5.0 (not an official CPE)
Yassl Cyassl 0.9.9 (not an official CPE)
Yassl Cyassl 1.3.0 (not an official CPE)
Yassl Cyassl 1.2.0 (not an official CPE)
Yassl Cyassl 0.3.0 (not an official CPE)
Yassl Cyassl 0.8.0 (not an official CPE)
Yassl Cyassl 1.4.0 (not an official CPE)
Yassl Cyassl 0.2.0 (not an official CPE)
Yassl Cyassl 0.9.6 (not an official CPE)
Yassl Cyassl 2.4.6 (not an official CPE)
Yassl Cyassl 1.8.0 (not an official CPE)
Yassl Cyassl 2.4.0 (not an official CPE)