CVE-2013-1619 — Gnutls vulnerability

15 documents8 sources

Severity

4.0MEDIUMNVD

CNA2.6OSV2.6

EPSS

1.2%

top 20.88%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Gnutls

Timeline

PublishedFeb 8

Latest updateMay 17

Description

The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

CVSS vector

AV:N/AC:H/C:P/I:P/A:NExploitability: 4.9 | Impact: 4.9

Affected Packages1 packages

▶NVDgnu/gnutls118 versions+117

Patches

Patch: gitorious.org ↗Patch: gitorious.org ↗Patch: gitorious.org ↗

🔴Vulnerability Details

GHSA

GHSA-qmwj-552p-59h4: The TLS implementation in GnuTLS before 2↗2022-05-17

▶

OSV

CVE-2013-1619: The TLS implementation in GnuTLS before 2↗2013-02-08

▶

CVEList

CVE-2013-1619: The TLS implementation in GnuTLS before 2↗2013-02-08

▶

📋Vendor Advisories

Ubuntu

GnuTLS vulnerability↗2013-02-27

▶

Red Hat

gnutls: TLS CBC padding timing attack (lucky-13)↗2013-02-04

▶

Debian

CVE-2013-1619: gnutls28 - The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x ...↗2013

▶

💬Community

Bugzilla

CVE-2013-2116 gnutls: out of bounds read in _gnutls_ciphertext2compressed (GNUTLS-SA-2013-2)↗2013-05-23

▶

Bugzilla

CVE-2013-1619 gnutls: TLS CBC padding timing attack [fedora-18]↗2013-02-06

▶

Bugzilla

CVE-2013-1619 gnutls: TLS CBC padding timing attack (lucky-13)↗2013-02-06

▶

Bugzilla

CVE-2013-1619 gnutls: TLS CBC padding timing attack [fedora-17]↗2013-02-06

▶

Bugzilla

CVE-2013-1619 gnutls: TLS CBC padding timing attack [epel-5]↗2013-02-06

▶