FKIE_CVE-2013-1619

Vulnerability from fkie_nvd - Published: 2013-02-08 19:55 - Updated: 2026-04-29 01:13
Severity
Summary
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
References
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html
cve@mitre.orghttp://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html
cve@mitre.orghttp://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html
cve@mitre.orghttp://openwall.com/lists/oss-security/2013/02/05/24
cve@mitre.orghttp://rhn.redhat.com/errata/RHSA-2013-0588.html
cve@mitre.orghttp://secunia.com/advisories/57260
cve@mitre.orghttp://secunia.com/advisories/57274
cve@mitre.orghttp://www.gnutls.org/security.html#GNUTLS-SA-2013-1
cve@mitre.orghttp://www.isg.rhul.ac.uk/tls/TLStiming.pdf
cve@mitre.orghttp://www.ubuntu.com/usn/USN-1752-1
cve@mitre.orghttps://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0Exploit, Patch
cve@mitre.orghttps://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html
af854a3a-2127-422b-91ae-364da2661108http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html
af854a3a-2127-422b-91ae-364da2661108http://openwall.com/lists/oss-security/2013/02/05/24
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2013-0588.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57260
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57274
af854a3a-2127-422b-91ae-364da2661108http://www.gnutls.org/security.html#GNUTLS-SA-2013-1
af854a3a-2127-422b-91ae-364da2661108http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1752-1
af854a3a-2127-422b-91ae-364da2661108https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198Exploit, Patch
Impacted products
Vendor Product Version
gnu gnutls 2.0.0
gnu gnutls 2.0.1
gnu gnutls 2.0.2
gnu gnutls 2.0.3
gnu gnutls 2.0.4
gnu gnutls 2.1.0
gnu gnutls 2.1.1
gnu gnutls 2.1.2
gnu gnutls 2.1.3
gnu gnutls 2.1.4
gnu gnutls 2.1.5
gnu gnutls 2.1.6
gnu gnutls 2.1.7
gnu gnutls 2.1.8
gnu gnutls 2.2.0
gnu gnutls 2.2.1
gnu gnutls 2.2.2
gnu gnutls 2.2.3
gnu gnutls 2.2.4
gnu gnutls 2.2.5
gnu gnutls 2.3.0
gnu gnutls 2.3.1
gnu gnutls 2.3.2
gnu gnutls 2.3.3
gnu gnutls 2.3.4
gnu gnutls 2.3.5
gnu gnutls 2.3.6
gnu gnutls 2.3.7
gnu gnutls 2.3.8
gnu gnutls 2.3.9
gnu gnutls 2.3.10
gnu gnutls 2.3.11
gnu gnutls 2.4.0
gnu gnutls 2.4.1
gnu gnutls 2.4.2
gnu gnutls 2.4.3
gnu gnutls 2.5.0
gnu gnutls 2.6.0
gnu gnutls 2.6.1
gnu gnutls 2.6.2
gnu gnutls 2.6.3
gnu gnutls 2.6.4
gnu gnutls 2.6.5
gnu gnutls 2.6.6
gnu gnutls 2.7.4
gnu gnutls 2.8.0
gnu gnutls 2.8.1
gnu gnutls 2.8.2
gnu gnutls 2.8.3
gnu gnutls 2.8.4
gnu gnutls 2.8.5
gnu gnutls 2.8.6
gnu gnutls 2.10.0
gnu gnutls 2.10.1
gnu gnutls 2.10.2
gnu gnutls 2.10.3
gnu gnutls 2.10.4
gnu gnutls 2.10.5
gnu gnutls 2.12.0
gnu gnutls 2.12.1
gnu gnutls 2.12.2
gnu gnutls 2.12.3
gnu gnutls 2.12.4
gnu gnutls 2.12.5
gnu gnutls 2.12.6
gnu gnutls 2.12.6.1
gnu gnutls 2.12.7
gnu gnutls 2.12.8
gnu gnutls 2.12.9
gnu gnutls 2.12.10
gnu gnutls 2.12.11
gnu gnutls 2.12.12
gnu gnutls 2.12.13
gnu gnutls 2.12.14
gnu gnutls 2.12.15
gnu gnutls 2.12.16
gnu gnutls 2.12.17
gnu gnutls 2.12.18
gnu gnutls 2.12.19
gnu gnutls 2.12.20
gnu gnutls 2.12.21
gnu gnutls 2.12.22
gnu gnutls 3.0
gnu gnutls 3.0.0
gnu gnutls 3.0.1
gnu gnutls 3.0.2
gnu gnutls 3.0.3
gnu gnutls 3.0.4
gnu gnutls 3.0.5
gnu gnutls 3.0.6
gnu gnutls 3.0.7
gnu gnutls 3.0.8
gnu gnutls 3.0.9
gnu gnutls 3.0.10
gnu gnutls 3.0.11
gnu gnutls 3.0.12
gnu gnutls 3.0.13
gnu gnutls 3.0.14
gnu gnutls 3.0.15
gnu gnutls 3.0.16
gnu gnutls 3.0.17
gnu gnutls 3.0.18
gnu gnutls 3.0.19
gnu gnutls 3.0.20
gnu gnutls 3.0.21
gnu gnutls 3.0.22
gnu gnutls 3.0.23
gnu gnutls 3.0.24
gnu gnutls 3.0.25
gnu gnutls 3.0.26
gnu gnutls 3.0.27
gnu gnutls 3.1.0
gnu gnutls 3.1.1
gnu gnutls 3.1.2
gnu gnutls 3.1.3
gnu gnutls 3.1.4
gnu gnutls 3.1.5
gnu gnutls 3.1.6
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "81C6C982-21D5-4FE3-A342-FC45BD78D2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D61596-01EB-4936-923B-63537625F926",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "599EB59C-7717-47A8-84C6-78B6D79AEB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E9005E-5034-43F2-B96E-7829E19FE3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC3A5EE-2892-4548-A0CB-D3289CD64D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F22BF4-A738-438B-8D0B-6993640F0D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3193B7-8FB9-45E4-BFF6-891A3F14F021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AF269AE-121B-4982-A765-5C7E806FA9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C9F604-7FBE-4759-B039-8F5894574203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "191821CD-E4CB-4269-B04C-284A9F9783B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A71474-958D-4689-A652-3E2A731F47FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38169043-17DF-4CF9-963A-8770B8882357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4537676-A72E-4433-B44F-3664EDD6F240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D090B10-68F2-424D-8234-2A280AA96B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "23168B77-645D-4A2A-A6E3-7001104064A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D085B16-3116-423F-BDE0-2D93E12650A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59247E9-CDAE-4269-A8E4-F49F617CDD23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6019C0C-E9DD-4831-8E6A-785AE1A930FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F9CF15-8789-49B6-BB6D-B784C8FF20ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C51E0C88-B19C-408D-AC17-10CE7462D48A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AC41482-B3BC-4C93-A850-73A179BAB763",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADC80BE1-28A6-4348-A061-8FD9C805E945",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8201FF6-53A8-4850-A2B2-47AA65B2CB75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB33002-E5C6-4573-BC94-647DDE4E6F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D7D245A-D983-40AD-89A7-0EA00D38D570",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7223691-225D-4649-B410-F41D2C489BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F786B6F2-77FC-4DFE-A574-2C00EDC08CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6B3DBF9-52EB-4741-85E4-E68645BD81E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "350A6845-77D6-4D63-A13C-5DAB55F98727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A456D12-C43A-47B0-AC0D-BF02AEBA0828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D457688-987A-4059-AA58-D9BF19ABC48B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA20043D-EC85-4003-9E7B-27AB50F4E133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "18A2C47E-510D-4537-8F51-3763A73E8E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4704D411-7B24-4B1F-9D40-A39A178FF873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B5E7C27-A5D9-4ABD-AFC5-5367083F387F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3091701-9B7C-4494-A82E-6E6F64656D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "541BCA04-0500-4388-9140-55C17E17EB15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11431F6-8C9D-40E1-84F6-CD25147DB15E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DC3D824-585E-49F1-9E44-902F5C7D57D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2097221B-46C2-480C-8D79-54080186BB58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5CEC430-8CFF-4DC5-9B2B-338C401B1984",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2DAA60D-F9B4-4045-81C2-29AD913E7BF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "547CC163-57F9-4418-BFB1-0E688DEEE0BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A274912-B16F-4B91-8CC0-E5CEED04B678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA84D0DE-B63F-41E4-AB04-70D2F5134D46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5552C7B3-5D56-4858-B138-F49CD1F90513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7E11DD-6AFC-4271-92D5-FB41CA6E1B52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA23D0EC-6014-4303-962A-1936EFCE3D16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0E6021A-40FC-457A-8AAA-0F7E7F9E6752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62E5D41F-1837-42C3-B99C-5A0A36013AC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA54B99-2FF1-432F-9587-8F384323CADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F59B50-BC97-43B3-BC15-C767F420291E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B25626-7C72-4BAE-85FF-415A5F376A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31E092EF-D7F6-4160-B928-3C3EA1198B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "52C9B2C9-60F6-4BA0-B1F6-5C697065D098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F80978A-AAE2-4B69-B54E-C30B9D96C034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8392ACC4-0325-464D-A39A-E9CDC5AADF1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "185A2FAD-5541-4439-924B-406BD33E6FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "854F260C-4C7D-4855-8644-4B6DC7CD5657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9943C65B-B896-4F7B-BE86-D6D13CF5C6E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E877F8-3623-4295-816F-7EE4FFDE1599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEBBF961-3DB5-4DBC-AB6F-D3180EA79E6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E711C7-37EE-4957-BD49-FA08103357BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A964A74F-CC0E-4E2E-8DBB-858A66EA2566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B36918C-BB8D-4B8E-8868-7726C5ADD4FE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "28795719-99A4-4DA3-AE98-4FDBEE320AAD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "13A85219-2DF1-4F84-A8AC-C923F8F7AF1C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "CECB347D-51C9-4905-8035-61D5EE05D751",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "53C7F93C-6997-490C-988F-B58C26467265",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "FCEAB96B-92C8-4D72-8BF0-5B9578549233",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "0441F505-F28B-466F-8B68-E165154D3738",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "0FEAB490-9368-453F-8CA0-699FBC86BF01",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC43DD1B-D8F0-4CC6-A5A9-C0DCEB1A7131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8150D656-9B13-49D0-9960-4C78E057AB26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABA62CAC-C88C-44E5-A611-366F9AD5FB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B53405BD-AC8E-4106-9D21-BCD5815E7ECA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0161F845-C5F4-4318-949A-499A4062FB78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBCACBF9-CE33-4F10-8CFC-84F24CC33476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C42F577F-264C-4F8F-955A-67743965AB8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9000897D-502D-46E3-95A0-FBCEBB0ED5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "022F28CD-4D6B-48AB-8E39-244E19D34F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "16B5986E-1029-4D40-8012-1FF1615C929A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "45439989-0D3B-4DCE-AB35-B63B1543CD59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBCD4F3C-8BD4-4367-B00C-A1379C158625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "12F2CFB7-5ACF-4328-B0F8-C3A981CAA368",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC3A72EF-FB1C-4CD8-B6C7-B7D60D6A14D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.16:*:*:*:*:*:*:*",
              "matchCriteriaId": "14624E40-3CAA-45E5-BDF2-F08706FC68BF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.17:*:*:*:*:*:*:*",
              "matchCriteriaId": "E743ABC3-6F24-43E1-98E5-6F60BE975212",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.18:*:*:*:*:*:*:*",
              "matchCriteriaId": "0BDA000C-A616-402B-B964-D5F4ADB6B550",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.19:*:*:*:*:*:*:*",
              "matchCriteriaId": "62789464-0074-4009-B97B-665A21E0CC25",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "4B02B1BA-4E05-4AFD-B1F8-1CB54F2DC5B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "95A77487-3ABD-40F5-9C98-49A65ED7F16D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "3911F202-5E7B-4DE3-90D9-07278923036B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "4CF1B6CF-3434-4874-9324-87D045511A13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "133CA307-1B3A-4DBB-89F8-C780E4B1BA7C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "48CD2EAB-A10E-4C91-9D00-9F98BD63CA1A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "F97BE4C9-E7FC-44FE-9F11-7776BCD6E81F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "D97EAF12-679B-4494-871F-0074ABD0E20B",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D91451B0-301B-430D-9D77-00F4AE91C10A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6917AC57-F49D-4EFC-920C-CCAFDF6174B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E7ACCE21-A19D-4BE5-9BED-30C5A7418719",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "344CCDAD-64EC-419C-995B-51F922AB9E39",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "49DB8FC4-F84A-47FD-9586-CF02761152A5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1B43AF4-E52B-46EA-81CF-D4DCAE82E7DD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "D57BDDEB-090D-472C-9FB6-4555429860E5",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169."
    },
    {
      "lang": "es",
      "value": "La implementaci\u00f3n de TLS en GnuTLS antes de v2.12.23, v3.0.x antes de v3.0.28, y v3.1.x antes de v3.1.7 no tiene debidamente en cuenta los ataques de tiempo al canal lateral en la operaci\u00f3n de comprobaci\u00f3n de incumplimiento MAC durante el proceso de relleno CBC malformado, lo que permite a atacantes remotos realizar ataques distintivos y de texto plano ataques de recuperaci\u00f3n a trav\u00e9s de an\u00e1lisis estad\u00edstico de datos de tiempo de los paquetes hechos a mano, una cuesti\u00f3n relacionada con CVE-2013-0169."
    }
  ],
  "id": "CVE-2013-1619",
  "lastModified": "2026-04-29T01:13:23.040",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "HIGH",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 4.9,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-02-08T19:55:01.157",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0588.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/57260"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/57274"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.ubuntu.com/usn/USN-1752-1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00009.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2013-05/msg00023.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://nmav.gnutls.org/2013/02/time-is-money-for-cbc-ciphersuites.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://openwall.com/lists/oss-security/2013/02/05/24"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2013-0588.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57274"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.gnutls.org/security.html#GNUTLS-SA-2013-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1752-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://gitorious.org/gnutls/gnutls/commit/328ee22c1b3951e060c7124c7cb1cee592c59bc0"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://gitorious.org/gnutls/gnutls/commit/b8391806cd79095fe566f2401d8c7ad85a64b198"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.





Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.


Detection rules are retrieved from Rulezet.