Vulnerability details: VCID-f2vh-x1qs-jubd
Vulnerability ID VCID-f2vh-x1qs-jubd
Aliases CVE-2013-1624
GHSA-8353-fgcr-xfhx
Summary Improper Input Validation in Bouncy Castle. The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (5)
System Score Found at
generic_textual MODERATE http://openwall.com/lists/oss-security/2013/02/05/24
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0371.html
generic_textual MODERATE http://rhn.redhat.com/errata/RHSA-2014-0372.html
epss 0.00534 https://api.first.org/data/v1/epss?cve=CVE-2013-1624
generic_textual MODERATE http://secunia.com/advisories/57716
generic_textual MODERATE http://secunia.com/advisories/57719
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-8353-fgcr-xfhx
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2013-1624
generic_textual MODERATE http://www.isg.rhul.ac.uk/tls/TLStiming.pdf
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.66379
EPSS Score 0.00534
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T09:06:35.387226+00:00 GithubOSV Importer Import https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-8353-fgcr-xfhx/GHSA-8353-fgcr-xfhx.json 37.0.0