CVE-2013-1620

Public on 2013-02-08
Modified on 2014-09-16
Description
The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Severity
Medium severity
Medium
CVSS v3 Base Score
5.1
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 nspr 2013-08-07 ALAS-2013-216 Fixed
Amazon Linux 1 nspr 2013-12-17 ALAS-2013-266 Fixed
Amazon Linux 1 nss 2013-08-07 ALAS-2013-217 Fixed
Amazon Linux 1 nss 2013-12-17 ALAS-2013-265 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P
NVD CVSSv2 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N