[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-MGASA-2013-0290":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T02:55:30.529Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":11,"aliases":12,"duplicate_of":9,"upstream":13,"downstream":20,"duplicates":21,"related":22,"reserved_at":9,"published_at":26,"modified_at":27,"state":9,"summary":28,"references_raw":30,"kevs":67,"epss":9,"epss_history":68,"metrics":69,"affected":70},"MGASA-2013-0290","Updated polarssl package fixes security vulnerabilities\n\nThe TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used\nin PolarSSL before 1.2.6, does not properly consider timing side-channel\nattacks on a MAC check requirement during the processing of malformed CBC\npadding, which allows remote attackers to conduct distinguishing attacks\nand plaintext-recovery attacks via statistical analysis of timing data for\ncrafted packets, aka the \"Lucky Thirteen\" issue (CVE-2013-0169).\n\nArray index error in the SSL module in PolarSSL before 1.2.6 might allow\nremote attackers to cause a denial of service via vectors involving a\ncrafted padding-length value during validation of CBC padding in a TLS\nsession (CVE-2013-1621).\n\nA third party can set up a SSL/TLS handshake with a server and send a\nmalformed Certificate handshake message that results in an infinite loop\nfor that connection. With a Man-in-the-Middle attack on a client, a third\nparty can trigger the same infinite loop on a client (CVE-2013-4623).\n",null,[],[],[],[14,16,18],{"_key":15},"CVE-2013-0169",{"_key":17},"CVE-2013-1621",{"_key":19},"CVE-2013-4623",[],[],[23,24,25],{"_key":15},{"_key":17},{"_key":19},"2013-09-24T21:41:53Z","2026-04-16T06:22:41.361745608Z",{"cisa_kev":29,"cisa_ransomware":29,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":9,"severity_score":9,"severity_version":9,"severity_source":9,"severity_vector":9,"severity_status":9},false,[31,37,42,46,50,55,59,63],{"url":32,"sources":33,"tags":35},"https://advisories.mageia.org/MGASA-2013-0290.html",[34],"osv_mageia",[36],"Advisory",{"url":38,"sources":39,"tags":40},"https://bugs.mageia.org/show_bug.cgi?id=11275",[34],[41],"REPORT",{"url":43,"sources":44,"tags":45},"https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-01",[34],[41,36],{"url":47,"sources":48,"tags":49},"https://polarssl.org/tech-updates/security-advisories/polarssl-security-advisory-2013-03",[34],[41,36],{"url":51,"sources":52,"tags":53},"https://polarssl.org/tech-updates/releases/polarssl-1.2.6-released",[34],[41,54],"WEB",{"url":56,"sources":57,"tags":58},"https://polarssl.org/tech-updates/releases/polarssl-1.2.7-released",[34],[41,54],{"url":60,"sources":61,"tags":62},"https://polarssl.org/tech-updates/releases/polarssl-1.2.8-released",[34],[41,54],{"url":64,"sources":65,"tags":66},"https://lists.fedoraproject.org/pipermail/package-announce/2013-September/115922.html",[34],[41,54],[],[],[],[71],{"ecosystem":72,"name":73,"vendor":74,"product":73,"cpe_part":9,"purl_type":75,"purl_namespace":74,"purl_name":73,"source":9,"versions":76},"Mageia","polarssl","mageia","rpm",[77],{"version":78,"is_range":79,"range_type":80,"version_start":9,"version_start_type":9,"version_end":81,"version_end_type":82,"fixed_in":9},"lt1_2_8_1_mga3",true,"ecosystem","1.2.8-1.mga3","excluding"]