PT-2012-1119 · Gentoo+4 · Gentoo Linux+4

Matthew Hall

Publicado

2012-03-26

Atualizado

2024-06-15

CVE-2012-1573

CVSS v2.0

7.5

Alta

Vetor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions GnuTLS versions prior to 3.0.15 GnuTLS versions prior to 2.12.18

Description The issue affects the gnutls package in Gentoo Linux, potentially compromising the confidentiality, integrity, and availability of protected information. Exploitation can occur remotely. Specifically, gnutls cipher.c in libgnutls does not properly handle data encrypted with a block cipher, allowing remote attackers to cause a denial of service via a crafted record, such as a crafted GenericBlockCipher structure.

Recommendations For versions prior to 2.12.18, update to version 2.12.18 or later. For versions prior to 3.0.15, update to version 3.0.15 or later. As a temporary workaround, consider restricting access to the gnutls cipher.c function in libgnutls until a patch is available.

Exploit

Correção

DoS

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-310

Identificadores relacionados

BDU:2015-09647

CESA-2012_0429

CVE-2012-1573

DSA-2441-1

OPENSUSE-SU-2024:10105-1

RHSA-2012:0428

RHSA-2012:0429

RHSA-2012:0531

RHSA-2012_0428

RHSA-2012_0429

Produtos afetados

Centos

Gentoo Linux

Gnutls

Red Hat

Suse

PT-2012-1119 · Gentoo+4 · Gentoo Linux+4

CVE-2012-1573

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 58