Vulnerability Database

289,697

Total vulnerabilities in the database

CVE-2013-0169

The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.

  • Published: Feb 8, 2013
  • Updated: Apr 13, 2023
  • CVE: CVE-2013-0169
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 2.6
  • AV:N/AC:H/Au:N/C:P/I:N/A:N

CWEs:

Software From Fixed in
openssl / openssl 1.0.0 1.0.0j.x
openssl / openssl 0.9.8 0.9.8x.x
openssl / openssl 1.0.1 1.0.1d.x
oracle / openjdk 1.7.0 1.7.0.x
oracle / openjdk 1.6.0 1.6.0.x
polarssl / polarssl 0.14.2 0.14.2.x
polarssl / polarssl 0.11.0 0.11.0.x
polarssl / polarssl 1.0.0 1.0.0.x
polarssl / polarssl 0.13.1 0.13.1.x
polarssl / polarssl 1.1.3 1.1.3.x
polarssl / polarssl 0.12.1 0.12.1.x
polarssl / polarssl 0.99-pre3 0.99-pre3.x
polarssl / polarssl 0.99-pre5 0.99-pre5.x
polarssl / polarssl 0.11.1 0.11.1.x
polarssl / polarssl 1.1.4 1.1.4.x
polarssl / polarssl 0.14.0 0.14.0.x
polarssl / polarssl 1.1.1 1.1.1.x
polarssl / polarssl 0.99-pre1 0.99-pre1.x
polarssl / polarssl 1.1.2 1.1.2.x
polarssl / polarssl 0.14.3 0.14.3.x
polarssl / polarssl 1.1.0-rc1 1.1.0-rc1.x
polarssl / polarssl 1.1.0-rc0 1.1.0-rc0.x
polarssl / polarssl 1.1.0 1.1.0.x
polarssl / polarssl 0.10.1 0.10.1.x
polarssl / polarssl 0.99-pre4 0.99-pre4.x
polarssl / polarssl 0.12.0 0.12.0.x
polarssl / polarssl 0.10.0 0.10.0.x
oracle / openjdk 1.7.0-update2 1.7.0-update2.x
oracle / openjdk 1.7.0-update3 1.7.0-update3.x
oracle / openjdk 1.7.0-update4 1.7.0-update4.x
oracle / openjdk 1.7.0-update5 1.7.0-update5.x
oracle / openjdk 1.7.0-update6 1.7.0-update6.x
oracle / openjdk 1.7.0-update7 1.7.0-update7.x
oracle / openjdk 1.7.0-update9 1.7.0-update9.x
oracle / openjdk 1.7.0-update10 1.7.0-update10.x
oracle / openjdk 1.7.0-update11 1.7.0-update11.x
oracle / openjdk 1.7.0-update13 1.7.0-update13.x
oracle / openjdk 1.6.0-update34 1.6.0-update34.x
oracle / openjdk 1.6.0-update35 1.6.0-update35.x
oracle / openjdk 1.6.0-update37 1.6.0-update37.x
oracle / openjdk 1.6.0-update38 1.6.0-update38.x
oracle / openjdk 1.6.0-update2 1.6.0-update2.x
oracle / openjdk 1.6.0-update3 1.6.0-update3.x
oracle / openjdk 1.6.0-update4 1.6.0-update4.x
oracle / openjdk 1.6.0-update5 1.6.0-update5.x
oracle / openjdk 1.6.0-update6 1.6.0-update6.x
oracle / openjdk 1.6.0-update7 1.6.0-update7.x
oracle / openjdk 1.6.0-update11 1.6.0-update11.x
oracle / openjdk 1.6.0-update12 1.6.0-update12.x
oracle / openjdk 1.6.0-update13 1.6.0-update13.x
oracle / openjdk 1.6.0-update14 1.6.0-update14.x
oracle / openjdk 1.6.0-update15 1.6.0-update15.x
oracle / openjdk 1.6.0-update16 1.6.0-update16.x
oracle / openjdk 1.6.0-update17 1.6.0-update17.x
oracle / openjdk 1.6.0-update18 1.6.0-update18.x
oracle / openjdk 1.6.0-update19 1.6.0-update19.x
oracle / openjdk 1.6.0-update20 1.6.0-update20.x
oracle / openjdk 1.6.0-update21 1.6.0-update21.x
oracle / openjdk 1.6.0-update22 1.6.0-update22.x
oracle / openjdk 1.6.0-update23 1.6.0-update23.x
oracle / openjdk 1.6.0-update24 1.6.0-update24.x
oracle / openjdk 1.6.0-update25 1.6.0-update25.x
oracle / openjdk 1.6.0-update26 1.6.0-update26.x
oracle / openjdk 1.6.0-update27 1.6.0-update27.x
oracle / openjdk 1.6.0-update29 1.6.0-update29.x
oracle / openjdk 1.6.0-update30 1.6.0-update30.x
oracle / openjdk 1.6.0-update31 1.6.0-update31.x
oracle / openjdk 1.6.0-update32 1.6.0-update32.x
oracle / openjdk 1.6.0-update33 1.6.0-update33.x
oracle / openjdk 1.7.0-update1 1.7.0-update1.x
oracle / openjdk 1.6.0-update1 1.6.0-update1.x
oracle / openjdk 1.6.0-update10 1.6.0-update10.x