You are here

CVE-2013-1619

Vincent (CVE) Danen's picture
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Details Source

Mitre

Public Date

2013-02-04 00:00:00

Impact

Moderate

Bugzilla

CVE-2013-1619 gnutls: TLS CBC padding timing attack (lucky-13)

Bugzilla ID

908 238

CVSS Status

verified

Base Score

5.10

Base Metrics

AV:N/AC:H/Au:N/C:P/I:P/A:P

External References

http://www.isg.rhul.ac.uk/tls/
http://www.gnutls.org/security.html#GNUTLS-SA-2013-1

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 5 (gnutls) RHSA-2013:0588 2013-03-04
Red Hat Enterprise Linux 6 (gnutls) RHSA-2013:0588 2013-03-04
RHEV Hypervisor for RHEL-6 (rhev-hypervisor6) RHSA-2013:0636 2013-03-13

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 6 mingw32-gnutls Will not fix