CVE-2013-1620

Public on 2013-02-08
Modified on 2014-09-16
Description

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Severity
Medium
See what this means
CVSS v3 Base Score
5.1
See breakdown

Affected Packages

Platform Package Release Date Advisory
Amazon Linux 1 nspr 2013-08-07 21:23 ALAS-2013-216
Amazon Linux 1 nspr 2013-12-17 21:31 ALAS-2013-266
Amazon Linux 1 nss 2013-08-07 21:23 ALAS-2013-217
Amazon Linux 1 nss 2013-12-17 21:31 ALAS-2013-265

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv2 5.1 AV:N/AC:H/Au:N/C:P/I:P/A:P
NVD CVSSv2 4.3 AV:N/AC:M/Au:N/C:P/I:N/A:N