PT-2012-1119 · Gentoo+4 · Gentoo Linux+4

Matthew Hall · Published 2012-03-26 · Updated 2024-06-15 · CVE-2012-1573

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

GnuTLS versions prior to 3.0.15
GnuTLS versions prior to 2.12.18

Description

The issue affects the gnutls package in Gentoo Linux, potentially compromising the confidentiality, integrity, and availability of protected information. Exploitation can occur remotely. Specifically, gnutls_cipher.c in libgnutls does not properly handle data encrypted with a block cipher, allowing remote attackers to cause a denial of service via a crafted record, such as a crafted GenericBlockCipher structure.

Recommendations

For versions prior to 2.12.18, update to version 2.12.18 or later. For versions prior to 3.0.15, update to version 3.0.15 or later. As a temporary workaround, consider restricting access to the gnutls_cipher.c function in libgnutls until a patch is available.

Exploit

Fix

DoS


Weakness Enumeration

Related Identifiers

BDU:2015-09647
CESA-2012_0429
CVE-2012-1573
DSA-2441-1
OPENSUSE-SU-2024:10105-1
RHSA-2012:0428
RHSA-2012:0429
RHSA-2012:0531
RHSA-2012_0428
RHSA-2012_0429

Affected Products

CentOS
Gentoo Linux
GnuTLS
Red Hat
SUSE