The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gnutls | Gnu | 2.0.0 (including) | 2.0.0 (including) |
| Gnutls | Gnu | 2.0.1 (including) | 2.0.1 (including) |
| Gnutls | Gnu | 2.0.2 (including) | 2.0.2 (including) |
| Gnutls | Gnu | 2.0.3 (including) | 2.0.3 (including) |
| Gnutls | Gnu | 2.0.4 (including) | 2.0.4 (including) |
| Gnutls | Gnu | 2.1.0 (including) | 2.1.0 (including) |
| Gnutls | Gnu | 2.1.1 (including) | 2.1.1 (including) |
| Gnutls | Gnu | 2.1.2 (including) | 2.1.2 (including) |
| Gnutls | Gnu | 2.1.3 (including) | 2.1.3 (including) |
| Gnutls | Gnu | 2.1.4 (including) | 2.1.4 (including) |
| Gnutls | Gnu | 2.1.5 (including) | 2.1.5 (including) |
| Gnutls | Gnu | 2.1.6 (including) | 2.1.6 (including) |
| Gnutls | Gnu | 2.1.7 (including) | 2.1.7 (including) |
| Gnutls | Gnu | 2.1.8 (including) | 2.1.8 (including) |
| Gnutls | Gnu | 2.2.0 (including) | 2.2.0 (including) |
| Gnutls | Gnu | 2.2.1 (including) | 2.2.1 (including) |
| Gnutls | Gnu | 2.2.2 (including) | 2.2.2 (including) |
| Gnutls | Gnu | 2.2.3 (including) | 2.2.3 (including) |
| Gnutls | Gnu | 2.2.4 (including) | 2.2.4 (including) |
| Gnutls | Gnu | 2.2.5 (including) | 2.2.5 (including) |
| Gnutls | Gnu | 2.3.0 (including) | 2.3.0 (including) |
| Gnutls | Gnu | 2.3.1 (including) | 2.3.1 (including) |
| Gnutls | Gnu | 2.3.2 (including) | 2.3.2 (including) |
| Gnutls | Gnu | 2.3.3 (including) | 2.3.3 (including) |
| Gnutls | Gnu | 2.3.4 (including) | 2.3.4 (including) |
| Gnutls | Gnu | 2.3.5 (including) | 2.3.5 (including) |
| Gnutls | Gnu | 2.3.6 (including) | 2.3.6 (including) |
| Gnutls | Gnu | 2.3.7 (including) | 2.3.7 (including) |
| Gnutls | Gnu | 2.3.8 (including) | 2.3.8 (including) |
| Gnutls | Gnu | 2.3.9 (including) | 2.3.9 (including) |
| Gnutls | Gnu | 2.3.10 (including) | 2.3.10 (including) |
| Gnutls | Gnu | 2.3.11 (including) | 2.3.11 (including) |
| Gnutls | Gnu | 2.4.0 (including) | 2.4.0 (including) |
| Gnutls | Gnu | 2.4.1 (including) | 2.4.1 (including) |
| Gnutls | Gnu | 2.4.2 (including) | 2.4.2 (including) |
| Gnutls | Gnu | 2.4.3 (including) | 2.4.3 (including) |
| Gnutls | Gnu | 2.5.0 (including) | 2.5.0 (including) |
| Gnutls | Gnu | 2.6.0 (including) | 2.6.0 (including) |
| Gnutls | Gnu | 2.6.1 (including) | 2.6.1 (including) |
| Gnutls | Gnu | 2.6.2 (including) | 2.6.2 (including) |
| Gnutls | Gnu | 2.6.3 (including) | 2.6.3 (including) |
| Gnutls | Gnu | 2.6.4 (including) | 2.6.4 (including) |
| Gnutls | Gnu | 2.6.5 (including) | 2.6.5 (including) |
| Gnutls | Gnu | 2.6.6 (including) | 2.6.6 (including) |
| Gnutls | Gnu | 2.7.4 (including) | 2.7.4 (including) |
| Gnutls | Gnu | 2.8.0 (including) | 2.8.0 (including) |
| Gnutls | Gnu | 2.8.1 (including) | 2.8.1 (including) |
| Gnutls | Gnu | 2.8.2 (including) | 2.8.2 (including) |
| Gnutls | Gnu | 2.8.3 (including) | 2.8.3 (including) |
| Gnutls | Gnu | 2.8.4 (including) | 2.8.4 (including) |
| Gnutls | Gnu | 2.8.5 (including) | 2.8.5 (including) |
| Gnutls | Gnu | 2.8.6 (including) | 2.8.6 (including) |
| Gnutls | Gnu | 2.10.0 (including) | 2.10.0 (including) |
| Gnutls | Gnu | 2.10.1 (including) | 2.10.1 (including) |
| Gnutls | Gnu | 2.10.2 (including) | 2.10.2 (including) |
| Gnutls | Gnu | 2.10.3 (including) | 2.10.3 (including) |
| Gnutls | Gnu | 2.10.4 (including) | 2.10.4 (including) |
| Gnutls | Gnu | 2.10.5 (including) | 2.10.5 (including) |
| Gnutls | Gnu | 2.12.0 (including) | 2.12.0 (including) |
| Gnutls | Gnu | 2.12.1 (including) | 2.12.1 (including) |
| Gnutls | Gnu | 2.12.2 (including) | 2.12.2 (including) |
| Gnutls | Gnu | 2.12.3 (including) | 2.12.3 (including) |
| Gnutls | Gnu | 2.12.4 (including) | 2.12.4 (including) |
| Gnutls | Gnu | 2.12.5 (including) | 2.12.5 (including) |
| Gnutls | Gnu | 2.12.6 (including) | 2.12.6 (including) |
| Gnutls | Gnu | 2.12.6.1 (including) | 2.12.6.1 (including) |
| Gnutls | Gnu | 2.12.7 (including) | 2.12.7 (including) |
| Gnutls | Gnu | 2.12.8 (including) | 2.12.8 (including) |
| Gnutls | Gnu | 2.12.9 (including) | 2.12.9 (including) |
| Gnutls | Gnu | 2.12.10 (including) | 2.12.10 (including) |
| Gnutls | Gnu | 2.12.11 (including) | 2.12.11 (including) |
| Gnutls | Gnu | 2.12.12 (including) | 2.12.12 (including) |
| Gnutls | Gnu | 2.12.13 (including) | 2.12.13 (including) |
| Gnutls | Gnu | 2.12.14 (including) | 2.12.14 (including) |
| Gnutls | Gnu | 2.12.15 (including) | 2.12.15 (including) |
| Gnutls | Gnu | 2.12.16 (including) | 2.12.16 (including) |
| Gnutls | Gnu | 2.12.17 (including) | 2.12.17 (including) |
| Gnutls | Gnu | 2.12.18 (including) | 2.12.18 (including) |
| Gnutls | Gnu | 2.12.19 (including) | 2.12.19 (including) |
| Gnutls | Gnu | 2.12.20 (including) | 2.12.20 (including) |
| Gnutls | Gnu | 2.12.21 (including) | 2.12.21 (including) |
| Gnutls | Gnu | 2.12.22 (including) | 2.12.22 (including) |
| Red Hat Enterprise Linux 5 | RedHat | gnutls-0:1.4.1-10.el5_9.1 | * |
| Red Hat Enterprise Linux 6 | RedHat | gnutls-0:2.8.5-10.el6_4.1 | * |
| RHEV 3.X Hypervisor and Agents for RHEL-6 | RedHat | rhev-hypervisor6-0:6.4-20130306.2.el6_4 | * |
| Gnutls13 | Ubuntu | hardy | * |
| Gnutls26 | Ubuntu | lucid | * |
| Gnutls26 | Ubuntu | oneiric | * |
| Gnutls26 | Ubuntu | precise | * |
| Gnutls26 | Ubuntu | quantal | * |
| Gnutls26 | Ubuntu | upstream | * |
| Gnutls28 | Ubuntu | precise | * |
| Gnutls28 | Ubuntu | quantal | * |
| Gnutls28 | Ubuntu | raring | * |
| Gnutls28 | Ubuntu | upstream | * |