CVE-2013-1618Browser vulnerability

3 documents3 sources
Severity
4.0MEDIUMNVD
CNA2.6
EPSS
0.8%
top 26.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Opera Browser
Timeline
PublishedFeb 8
Latest updateMay 17

Description

The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9

Affected Packages1 packages

NVDopera/opera_browser12.12+5

🔴Vulnerability Details

2
GHSA
GHSA-cjrv-3xx9-58f9: The TLS implementation in Opera before 122022-05-17
CVEList
CVE-2013-1618: The TLS implementation in Opera before 122013-02-08
CVE-2013-1618 — Opera Browser vulnerability | cvebase