CVE-2019-15523

CVSS v3.1

5.3

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions LINBIT csync2 versions through 2.0

Description An issue was discovered in LINBIT csync2. It does not correctly check for the return value GNUTLS E WARNING ALERT RECEIVED of the gnutls handshake() function. It neglects to call this function again, as required by the design of the API.

Recommendations For LINBIT csync2 versions through 2.0, ensure that the return value GNUTLS E WARNING ALERT RECEIVED of the gnutls handshake() function is correctly checked and the function is called again as required. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Unchecked Return Value

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-252

Related Identifiers

ALT-PU-2023-7630

ALT-PU-2023-7632

ALT-PU-2023-7754

ALT-PU-2024-17519

CVE-2019-15523

DLA-2515-1

OPENSUSE-SU-2021:0853-1

OPENSUSE-SU-2021_0853-1

OPENSUSE-SU-2024:10706-1

SUSE-SU-2021:1858-1

SUSE-SU-2021:1952-1

Affected Products

Alt Linux

Linbit Csync2

Suse

CVE-2019-15523

Weakness Enumeration

Related Identifiers

Affected Products

References · 24