CVE-2013-1623

Priority
Description
The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not
properly consider timing side-channel attacks on a noncompliant MAC check
operation during the processing of malformed CBC padding, which allows
remote attackers to conduct distinguishing attacks and plaintext-recovery
attacks via statistical analysis of timing data for crafted packets, a
related issue to CVE-2013-0169.
Notes
jdstrandno updates from upstream at this time
sarnoldnot mentioned in April CPU, but the code fixed in the Debian
bug report is present, looks fixed
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:needs-triage
More Information

Updated: 2019-12-05 21:03:10 UTC (commit 0aa5e7c87c8b55d2ec5c7f4ca1179cf75de91961)