CVE-2013-1624

Published: Feb 8, 2013Modified: Apr 29, 2026

4.0

Vector

AV:N/AC:H/Au:N/C:P/I:P/A:N

Exploitability: 4.9 / Impact: 4.9

Source: NVD

Description

The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

Affected (56)

Products: Bouncycastle: Bc Java, Legion Of The Bouncy Castle C# Cryptography Api

Bouncycastle

2 products

Bc Java

Legion Of The Bouncy Castle C# Cryptography Api

Configuration A

47 vulnerable

Vulnerable Software	Affected Versions
Bouncycastle Bc Java	Version 1.01
Bouncycastle Bc Java	Version 1.02
Bouncycastle Bc Java	Version 1.03
Bouncycastle Bc Java	Version 1.04
Bouncycastle Bc Java	Version 1.05
Bouncycastle Bc Java	Version 1.06
Bouncycastle Bc Java	Version 1.07
Bouncycastle Bc Java	Version 1.08
Bouncycastle Bc Java	Version 1.09
Bouncycastle Bc Java	Version 1.10
Bouncycastle Bc Java	Version 1.11
Bouncycastle Bc Java	Version 1.12
Bouncycastle Bc Java	Version 1.13
Bouncycastle Bc Java	Version 1.14
Bouncycastle Bc Java	Version 1.15
Bouncycastle Bc Java	Version 1.16
Bouncycastle Bc Java	Version 1.17
Bouncycastle Bc Java	Version 1.18
Bouncycastle Bc Java	Version 1.19
Bouncycastle Bc Java	Version 1.20
Bouncycastle Bc Java	Version 1.21
Bouncycastle Bc Java	Version 1.22
Bouncycastle Bc Java	Version 1.23
Bouncycastle Bc Java	Version 1.24
Bouncycastle Bc Java	Version 1.25
Bouncycastle Bc Java	Version 1.26
Bouncycastle Bc Java	Version 1.27
Bouncycastle Bc Java	Version 1.28
Bouncycastle Bc Java	Version 1.29
Bouncycastle Bc Java	Version 1.30
Bouncycastle Bc Java	Version 1.31
Bouncycastle Bc Java	Version 1.32
Bouncycastle Bc Java	Version 1.33
Bouncycastle Bc Java	Version 1.34
Bouncycastle Bc Java	Version 1.35
Bouncycastle Bc Java	Version 1.36
Bouncycastle Bc Java	Version 1.37
Bouncycastle Bc Java	Version 1.38
Bouncycastle Bc Java	Version 1.39
Bouncycastle Bc Java	Version 1.40
Bouncycastle Bc Java	Version 1.41
Bouncycastle Bc Java	Version 1.42
Bouncycastle Bc Java	Version 1.43
Bouncycastle Bc Java	Version 1.44
Bouncycastle Bc Java	Version 1.45
Bouncycastle Bc Java	Version 1.46
Bouncycastle Bc Java	Version 1.47

Configuration B

9 vulnerable

Vulnerable Software	Affected Versions
Bouncycastle Legion Of The Bouncy Castle C# Cryptography Api	Version 0.0
Bouncycastle Legion Of The Bouncy Castle C# Cryptography Api	Version 1.0
Bouncycastle Legion Of The Bouncy Castle C# Cryptography Api	Version 1.1
Bouncycastle Legion Of The Bouncy Castle C# Cryptography Api	Version 1.2
Bouncycastle Legion Of The Bouncy Castle C# Cryptography Api	Version 1.3
Bouncycastle Legion Of The Bouncy Castle C# Cryptography Api	Version 1.4
Bouncycastle Legion Of The Bouncy Castle C# Cryptography Api	Version 1.5
Bouncycastle Legion Of The Bouncy Castle C# Cryptography Api	Version 1.6.1
Bouncycastle Legion Of The Bouncy Castle C# Cryptography Api	Version 1.7