Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-umbv-yqxu-cubb
Vulnerability ID VCID-umbv-yqxu-cubb
Aliases CVE-2013-0169
Summary The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used in OpenSSL, OpenJDK, PolarSSL, and other products, do not properly consider timing side-channel attacks on a MAC check requirement during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, aka the "Lucky Thirteen" issue.
Status Published
Exploitability 0.5
Weighted Severity 0.0
Risk None
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2013-0169
epss 0.00943 https://api.first.org/data/v1/epss?cve=CVE-2013-0169
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2013-0169.json
https://api.first.org/data/v1/epss?cve=CVE-2013-0169
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-0169
699885 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699885
699888 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699888
699889 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=699889
907589 https://bugzilla.redhat.com/show_bug.cgi?id=907589
GLSA-201310-10 https://security.gentoo.org/glsa/201310-10
GLSA-201312-03 https://security.gentoo.org/glsa/201312-03
GLSA-201401-30 https://security.gentoo.org/glsa/201401-30
GLSA-201406-32 https://security.gentoo.org/glsa/201406-32
RHSA-2013:0273 https://access.redhat.com/errata/RHSA-2013:0273
RHSA-2013:0274 https://access.redhat.com/errata/RHSA-2013:0274
RHSA-2013:0275 https://access.redhat.com/errata/RHSA-2013:0275
RHSA-2013:0531 https://access.redhat.com/errata/RHSA-2013:0531
RHSA-2013:0532 https://access.redhat.com/errata/RHSA-2013:0532
RHSA-2013:0587 https://access.redhat.com/errata/RHSA-2013:0587
RHSA-2013:0636 https://access.redhat.com/errata/RHSA-2013:0636
RHSA-2013:0782 https://access.redhat.com/errata/RHSA-2013:0782
RHSA-2013:0783 https://access.redhat.com/errata/RHSA-2013:0783
RHSA-2013:0822 https://access.redhat.com/errata/RHSA-2013:0822
RHSA-2013:0823 https://access.redhat.com/errata/RHSA-2013:0823
RHSA-2013:0833 https://access.redhat.com/errata/RHSA-2013:0833
RHSA-2013:0855 https://access.redhat.com/errata/RHSA-2013:0855
RHSA-2013:1013 https://access.redhat.com/errata/RHSA-2013:1013
RHSA-2013:1455 https://access.redhat.com/errata/RHSA-2013:1455
RHSA-2013:1456 https://access.redhat.com/errata/RHSA-2013:1456
RHSA-2014:0416 https://access.redhat.com/errata/RHSA-2014:0416
RHSA-2020:4298 https://access.redhat.com/errata/RHSA-2020:4298
USN-1732-1 https://usn.ubuntu.com/1732-1/
USN-1732-3 https://usn.ubuntu.com/1732-3/
USN-1735-1 https://usn.ubuntu.com/1735-1/
No exploits are available.
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.76636
EPSS Score 0.00943
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:29:01.042791+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0