|
|
| |
|
| |
openssl: multiple vulnerabilities
| Package(s): | openssl |
CVE #(s): | CVE-2013-0166
CVE-2013-0169
|
| Created: | February 8, 2013 |
Updated: | April 8, 2013 |
| Description: |
From the OpenSSL advisory:
SSL, TLS and DTLS Plaintext Recovery Attack (CVE-2013-0169)
Nadhem Alfardan and Kenny Paterson have discovered a weakness in the handling
of CBC ciphersuites in SSL, TLS and DTLS. Their attack exploits timing
differences arising during MAC processing. Details of this attack can be
found at: http://www.isg.rhul.ac.uk/tls/
TLS 1.1 and 1.2 AES-NI crash (CVE-2012-2686)
A flaw in the OpenSSL handling of CBC ciphersuites in TLS 1.1 and TLS 1.2 on
AES-NI supporting platforms can be exploited in a DoS attack. |
| Alerts: |
|
( Log in to post comments)
|
|
|