VYPR
Moderate severityNVD Advisory· Published Feb 8, 2013· Updated Jun 16, 2026

CVE-2013-1624

CVE-2013-1624

Description

The TLS implementation in the Bouncy Castle Java library before 1.48 and C# library before 1.8 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the processing of malformed CBC padding, which allows remote attackers to conduct distinguishing attacks and plaintext-recovery attacks via statistical analysis of timing data for crafted packets, a related issue to CVE-2013-0169.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.bouncycastle:bcprov-jdk15onMaven
< 1.481.48

Affected products

57
  • cpe:2.3:a:bouncycastle:bc-java:1.01:*:*:*:*:*:*:*+ 46 more
    • cpe:2.3:a:bouncycastle:bc-java:1.01:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.02:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.03:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.04:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.05:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.06:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.07:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.08:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.09:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.10:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.11:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.12:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.13:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.14:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.15:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.16:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.17:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.18:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.19:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.20:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.21:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.22:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.23:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.24:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.25:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.26:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.27:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.28:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.29:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.30:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.31:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.32:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.33:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.34:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.35:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.36:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.37:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.38:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.39:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.40:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.41:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.42:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.43:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.44:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.45:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.46:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:bc-java:1.47:*:*:*:*:*:*:*
  • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\#-cryptography-api:0.0:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\#-cryptography-api:0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\#-cryptography-api:1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\#-cryptography-api:1.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\#-cryptography-api:1.2:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\#-cryptography-api:1.3:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\#-cryptography-api:1.4:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\#-cryptography-api:1.5:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\#-cryptography-api:1.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-c\#-cryptography-api:1.7:*:*:*:*:*:*:*

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.