Home > Vulnerability Database > CVE-2003-0078

Mend.io Vulnerability Database

CVE-2003-0078

Date: August 31, 2004

ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before 0.9.6i does not perform a MAC computation if an incorrect block cipher padding is used, which causes an information leak (timing discrepancy) that may make it easier to launch cryptographic attacks that rely on distinguishing between padding and MAC verification errors, possibly leading to extraction of the original plaintext, aka the "Vaudenay timing attack."

Severity Score

5.3

Related Resources (23)

Url: http://www.osvdb.org/3945

Url: http://www.debian.org/security/2003/dsa-253

Url: http://www.redhat.com/support/errata/RHSA-2003-063.html

Url: ftp://patches.sgi.com/support/free/security/advisories/20030501-01-I

Url: http://www.ciac.org/ciac/bulletins/n-051.shtml

Url: http://marc.info/?l=bugtraq&m=104567627211904&w=2

Url: ftp://ftp.netbsd.org/pub/NetBSD/security/advisories/NetBSD-SA2003-001.txt.asc

Url: http://www.securityfocus.com/bid/6884

Url: http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000570

Url: http://www.redhat.com/support/errata/RHSA-2003-082.html

Url: http://www.mandrakesoft.com/security/advisories?name=MDKSA-2003:020

Url: http://www.redhat.com/support/errata/RHSA-2003-205.html

Url: http://marc.info/?l=bugtraq&m=104568426824439&w=2

Url: https://people.canonical.com/~ubuntu-security/cve/CVE-2003-0078

Url: http://marc.info/?l=bugtraq&m=104577183206905&w=2

Url: https://nvd.nist.gov/vuln/detail/CVE-2003-0078

Url: http://www.iss.net/security_center/static/11369.php

Url: http://www.openssl.org/news/secadv_20030219.txt

Url: http://www.redhat.com/support/errata/RHSA-2003-062.html

Url: http://www.trustix.org/errata/2003/0005

Url: http://www.linuxsecurity.com/advisories/engarde_advisory-2874.html

Url: http://www.redhat.com/support/errata/RHSA-2003-104.html

Url: https://www.mend.io/vulnerability-database/CVE-2003-0078

Severity Score

5.3

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	5.0
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2003-0078

Date: August 31, 2004

Severity Score

Related Resources (23)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?