CVE-2013-1623

Published: 08 February 2013

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Priority

Medium

Status

Package Release Status
mysql-5.1
Launchpad, Ubuntu, Debian
Upstream Needs triage

mysql-5.5
Launchpad, Ubuntu, Debian
Upstream Needs triage

mysql-dfsg-5.1
Launchpad, Ubuntu, Debian
Upstream Needs triage

Notes

AuthorNote
jdstrand
no updates from upstream at this time
seth-arnold
not mentioned in April CPU, but the code fixed in the Debian
bug report is present, looks fixed

References

Bugs