CVE-2013-1623

Priority
Medium
Description
The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not
properly consider timing side-channel attacks on a noncompliant MAC check
operation during the processing of malformed CBC padding, which allows
remote attackers to conduct distinguishing attacks and plaintext-recovery
attacks via statistical analysis of timing data for crafted packets, a
related issue to CVE-2013-0169.
References
Bugs
Notes
 jdstrand> no updates from upstream at this time
 sarnold> not mentioned in April CPU, but the code fixed in the Debian
  bug report is present, looks fixed
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):released (5.5.31-0ubuntu0.12.04.1)
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
Package
Upstream:needs-triage
Ubuntu 12.04 LTS (Precise Pangolin):DNE
More Information

Valid XHTML 1.0 Strict

Updated: 2015-07-29 20:41:26 UTC (commit 9756)