CVE-2013-1618

Upstream information

CVE-2013-1618 at MITRE

Description

The TLS implementation in Opera before 12.13 does not properly consider timing side-channel attacks on a MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

SUSE information

CVSS v2 Scores
	National Vulnerability Database
Base Score	4.04
Vector	AV:N/AC:H/Au:N/C:P/I:P/A:N
Access Vector	Network
Access Complexity	High
Authentication	None
Confidentiality Impact	Partial
Integrity Impact	Partial
Availability Impact	None

SUSE Bugzilla entries: 801233 [RESOLVED / FIXED], 802184 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2013:0289-1, published Wed, 13 Feb 2013 10:04:24 +0100 (CET)
openSUSE-SU-2013:0289-2, published Thu, 28 Feb 2013 18:28:23 +0100 (CET)

CVE-2013-1618

Common Vulnerabilities and Exposures

Upstream information

Description

SUSE information

Services