cbcvebase.
CVE-2013-0169
published 2013-02-08

CVE-2013-0169: The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing…

PriorityP426low2.6CVSS 2.0
AVNACHAuNCPINAN
EPSS
35.58%
98.3th percentile
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

Affected

354 ranges· showing 25
VendorProductVersion rangeFixed in
armmbed_tls< 2.1.142.1.14
armmbed_tls>= 2.2.0 < 2.7.52.7.5
armmbed_tls>= 2.8.0 < 2.12.02.12.0
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java
bouncycastlebc-java

CVSS provenance

nvdv2.02.6LOWAV:N/AC:H/Au:N/C:P/I:N/A:N
ghsa2.6LOW
osv2.6LOW
vendor_ubuntu5.0MEDIUM
vendor_debian2.6LOW
vendor_redhat2.6LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.