CVE-2013-1623

Published: Feb 8, 2013Modified: Apr 29, 2026

4.3

Vector

AV:N/AC:M/Au:N/C:P/I:N/A:N

Exploitability: 8.6 / Impact: 2.9

Source: NVD

Description

The TLS and DTLS implementations in wolfSSL CyaSSL before 2.5.0 do not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Affected (40)

Products: Yassl: Cyassl

Yassl

1 product

Cyassl

Configuration A

40 vulnerable

Vulnerable Software	Affected Versions
Yassl Cyassl	Up to 2.4.6
Yassl Cyassl	Version 0.2.0
Yassl Cyassl	Version 0.3.0
Yassl Cyassl	Version 0.4.0
Yassl Cyassl	Version 0.5.0
Yassl Cyassl	Version 0.5.5
Yassl Cyassl	Version 0.6.0
Yassl Cyassl	Version 0.6.2
Yassl Cyassl	Version 0.6.3
Yassl Cyassl	Version 0.8.0
Yassl Cyassl	Version 0.9.0
Yassl Cyassl	Version 0.9.6
Yassl Cyassl	Version 0.9.8
Yassl Cyassl	Version 0.9.9
Yassl Cyassl	Version 1.0.0 rc1
Yassl Cyassl	Version 1.0.0 rc2
Yassl Cyassl	Version 1.0.0 rc3
Yassl Cyassl	Version 1.0.2
Yassl Cyassl	Version 1.0.3
Yassl Cyassl	Version 1.0.6
Yassl Cyassl	Version 1.1.0
Yassl Cyassl	Version 1.2.0
Yassl Cyassl	Version 1.3.0
Yassl Cyassl	Version 1.4.0
Yassl Cyassl	Version 1.5.0
Yassl Cyassl	Version 1.5.4
Yassl Cyassl	Version 1.5.6
Yassl Cyassl	Version 1.6.0
Yassl Cyassl	Version 1.6.5
Yassl Cyassl	Version 1.8.0
Yassl Cyassl	Version 1.9.0
Yassl Cyassl	Version 2.0.0 rc1
Yassl Cyassl	Version 2.0.0 rc2
Yassl Cyassl	Version 2.0.0 rc3
Yassl Cyassl	Version 2.0.2
Yassl Cyassl	Version 2.0.6
Yassl Cyassl	Version 2.0.8
Yassl Cyassl	Version 2.2.0
Yassl Cyassl	Version 2.3.0
Yassl Cyassl	Version 2.4.0