Your submission was sent successfully! Close

CVE-2013-1623

Published: 8 February 2013

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Notes

AuthorNote
jdstrand
no updates from upstream at this time
seth-arnold
not mentioned in April CPU, but the code fixed in the Debian
bug report is present, looks fixed
Priority

Medium

Status

Package Release Status
mysql-5.1
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric
Released (5.1.69-0ubuntu0.11.10.1)
precise Does not exist

quantal Does not exist

raring Does not exist

upstream Needs triage

mysql-5.5
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Does not exist

oneiric Does not exist

precise
Released (5.5.31-0ubuntu0.12.04.1)
quantal
Released (5.5.31-0ubuntu0.12.10.1)
raring
Released (5.5.31-0ubuntu0.13.04.1)
upstream Needs triage

mysql-dfsg-5.1
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid
Released (5.1.69-0ubuntu0.10.04.1)
oneiric Does not exist

precise Does not exist

quantal Does not exist

raring Does not exist

upstream Needs triage