cve/CVE-2013-1620.md at d265b01db84ea263ae08fa7d2c08cb82387c2083

admin/cve

mirror of https://github.com/0xMarcio/cve.git synced 2025-05-07 03:02:30 +00:00

0xMarcio 48a00929ac Removed duplicates

2024-06-18 02:51:15 +02:00

Description

The TLS implementation in Mozilla Network Security Services (NSS) does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

POC

Reference

http://seclists.org/fulldisclosure/2014/Dec/23
http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
http://www.oracle.com/technetwork/topics/security/cpuapr2014-1972952.html
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html
http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
http://www.vmware.com/security/advisories/VMSA-2014-0012.html

Github

https://github.com/Live-Hack-CVE/CVE-2013-1620

1.3 KiB Raw Blame History

CVE-2013-1620

Description

POC

Reference

Github

1.3 KiB

Raw Blame History