{"id":"CVE-2013-0169","details":"The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the \"Lucky Thirteen\" issue.","modified":"2026-04-16T06:18:35.371509280Z","published":"2013-02-08T19:55:01Z","related":["SUSE-FU-2022:0445-1","SUSE-SU-2015:0182-2","SUSE-SU-2015:0344-1","SUSE-SU-2015:0392-1","SUSE-SU-2015:0543-1","SUSE-SU-2015:0545-1","SUSE-SU-2015:0578-1","SUSE-SU-2015:1086-1","SUSE-SU-2015:1086-3","SUSE-SU-2015:1183-1","SUSE-SU-2015:1184-1","SUSE-SU-2015:1184-2","SUSE-SU-403","SUSE-SU-403 Forbidden-1","openSUSE-SU-2024:10271-1","openSUSE-SU-2024:10529-1","openSUSE-SU-2024:10534-1","openSUSE-SU-2024:11127-1"],"references":[{"type":"ADVISORY","url":"http://blog.fuseyism.com/index.php/2013/02/20/security-icedtea-2-1-6-2-2-6-2-3-7-for-openjdk-7-released/"},{"type":"ADVISORY","url":"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"},{"type":"ADVISORY","url":"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101366.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2013-02/msg00020.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00000.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2013-03/msg00002.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2013-04/msg00020.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00027.html"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2016-03/msg00011.html"},{"type":"ADVISORY","url":"http://marc.info/?l=bugtraq&m=136396549913849&w=2"},{"type":"ADVISORY","url":"http://marc.info/?l=bugtraq&m=136432043316835&w=2"},{"type":"ADVISORY","url":"http://marc.info/?l=bugtraq&m=136439120408139&w=2"},{"type":"ADVISORY","url":"http://marc.info/?l=bugtraq&m=136733161405818&w=2"},{"type":"ADVISORY","url":"http://marc.info/?l=bugtraq&m=137545771702053&w=2"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-0587.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-0782.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-0783.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-0833.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-1455.html"},{"type":"ADVISORY","url":"http://rhn.redhat.com/errata/RHSA-2013-1456.html"},{"type":"ADVISORY","url":"http://secunia.com/advisories/53623"},{"type":"ADVISORY","url":"http://secunia.com/advisories/55108"},{"type":"ADVISORY","url":"http://secunia.com/advisories/55139"},{"type":"ADVISORY","url":"http://secunia.com/advisories/55322"},{"type":"ADVISORY","url":"http://secunia.com/advisories/55350"},{"type":"ADVISORY","url":"http://secunia.com/advisories/55351"},{"type":"ADVISORY","url":"http://security.gentoo.org/glsa/glsa-201406-32.xml"},{"type":"ADVISORY","url":"http://support.apple.com/kb/HT5880"},{"type":"ADVISORY","url":"http://www-01.ibm.com/support/docview.wss?uid=swg21644047"},{"type":"ADVISORY","url":"http://www.debian.org/security/2013/dsa-2621"},{"type":"ADVISORY","url":"http://www.debian.org/security/2013/dsa-2622"},{"type":"ADVISORY","url":"http://www.isg.rhul.ac.uk/tls/TLStiming.pdf"},{"type":"ADVISORY","url":"http://www.kb.cert.org/vuls/id/737740"},{"type":"ADVISORY","url":"http://www.mandriva.com/security/advisories?name=MDVSA-2013:095"},{"type":"ADVISORY","url":"http://www.matrixssl.org/news.html"},{"type":"ADVISORY","url":"http://www.openssl.org/news/secadv_20130204.txt"},{"type":"ADVISORY","url":"http://www.oracle.com/technetwork/topics/security/javacpufeb2013update-1905892.html"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/57778"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1029190"},{"type":"ADVISORY","url":"http://www.splunk.com/view/SP-CAAAHXG"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-1735-1"},{"type":"ADVISORY","url":"http://www.us-cert.gov/cas/techalerts/TA13-051A.html"},{"type":"ADVISORY","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-556833.pdf"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/09/msg00029.html"},{"type":"ADVISORY","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19608"},{"type":"ADVISORY","url":"https://polarssl.org/tech-updates/releases/polarssl-1.2.5-released"},{"type":"ADVISORY","url":"https://puppet.com/security/cve/cve-2013-0169"},{"type":"ADVISORY","url":"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-c03883001"},{"type":"ADVISORY","url":"https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0084"},{"type":"ARTICLE","url":"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html"},{"type":"ARTICLE","url":"http://openwall.com/lists/oss-security/2013/02/05/24"},{"type":"WEB","url":"http://www.kb.cert.org/vuls/id/737740"},{"type":"WEB","url":"http://www.us-cert.gov/cas/techalerts/TA13-051A.html"},{"type":"WEB","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18841"},{"type":"WEB","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19016"},{"type":"WEB","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19424"},{"type":"WEB","url":"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19540"}],"schema_version":"1.7.5"}