CVE-2013-0169

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2013-0169

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2013-0169.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2013-0169

Downstream

DEBIAN-CVE-2013-0169

DSA-2621-1

DSA-2622-1

RHSA-2013:0273

RHSA-2013:0274

RHSA-2013:0275

RHSA-2013:0531

RHSA-2013:0532

RHSA-2013:0587

RHSA-2013:0636

RHSA-2013:0822

RHSA-2013:0823

RHSA-2013:0855

RHSA-2013:1455

RHSA-2013:1456

RHSA-2014:0416

SUSE-FU-2022:0445-1

SUSE-SU-2015:0182-2

SUSE-SU-2015:0344-1

SUSE-SU-2015:0392-1

SUSE-SU-2015:0543-1

SUSE-SU-2015:0545-1

SUSE-SU-2015:0578-1

SUSE-SU-2015:1086-1

SUSE-SU-2015:1086-3

SUSE-SU-2015:1183-1

SUSE-SU-2015:1184-1

SUSE-SU-2015:1184-2

SUSE-SU-403

SUSE-SU-403 Forbidden-1

UBUNTU-CVE-2013-0169

openSUSE-SU-2024:10271-1

openSUSE-SU-2024:10529-1

openSUSE-SU-2024:10534-1

openSUSE-SU-2024:11127-1

Related

Published

2013-02-08T19:55:01Z

Modified

2025-08-09T20:01:28Z

Summary

[none]

Details

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

References

Affected packages