CVE-2013-1620
published 2013-02-08CVE-2013-1620: The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation…
medium4.3CVSS 3.1
AVNACMAuNCPINAN
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Affected
33 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| debian | nss | < nss 2:3.14.3-1 (bookworm) | nss 2:3.14.3-1 (bookworm) |
| mozilla | network_security_services | < 3.14.3 | 3.14.3 |
| mozilla | nss | >= 0 < 2:3.14.3-1 | 2:3.14.3-1 |
| mozilla | nss | >= 0 < 2:3.14.3-1 | 2:3.14.3-1 |
| mozilla | nss | >= 0 < 2:3.14.3-1 | 2:3.14.3-1 |
| mozilla | nss | >= 0 < 2:3.14.3-1 | 2:3.14.3-1 |
| oracle | enterprise_manager_ops_center | — | — |
| oracle | enterprise_manager_ops_center | — | — |
| oracle | enterprise_manager_ops_center | — | — |
| oracle | glassfish_communications_server | — | — |
| oracle | glassfish_server | — | — |
| oracle | iplanet_web_proxy_server | — | — |
| oracle | iplanet_web_server | — | — |
| oracle | iplanet_web_server | — | — |
| oracle | opensso | — | — |
| oracle | traffic_director | — | — |
| oracle | traffic_director | — | — |
| oracle | vm_server | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_desktop | — | — |
| redhat | enterprise_linux_eus | — | — |
CVSS provenance
nvd4.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv2.6LOW