DSA-2622-1 polarssl -- severalID: oval:org.secpod.oval:def:600965 | Date: (C)2013-02-17 (M)2023-12-07 |
Class: PATCH | Family: unix |
Multiple vulnerabilities have been found in OpenSSL. The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-0169 A timing side channel attack has been found in CBC padding allowing an attacker to recover pieces of plaintext via statistical analysis of crafted packages, known as the quot;Lucky Thirteenquot; issue. CVE-2013-1621 An array index error might allow remote attackers to cause a denial of service via vectors involving a crafted padding-length value during validation of CBC padding in a TLS session CVE-2013-1622 Malformed CBC data in a TLS session could allow remote attackers to conduct distinguishing attacks via statistical analysis of timing side-channel data for crafted packets.
Product: |
libpolarssl-dev |
libpolarssl-runtime |