Lucene search

K
cve[email protected]CVE-2012-0390
HistoryJan 06, 2012 - 1:55 a.m.

CVE-2012-0390

2012-01-0601:55:01
CWE-310
web.nvd.nist.gov
40
cve-2012-0390
gnutls
dtls
remote attackers
plaintext recovery
side-channel attack
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

8.4

Confidence

High

EPSS

0.005

Percentile

76.1%

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.

Affected configurations

NVD
Node
gnugnutlsRangeโ‰ค3.0.10
OR
gnugnutlsMatch2.2.4
OR
gnugnutlsMatch2.2.5
OR
gnugnutlsMatch2.4.0
OR
gnugnutlsMatch2.4.1
OR
gnugnutlsMatch2.4.2
OR
gnugnutlsMatch2.4.3
OR
gnugnutlsMatch2.6.0
OR
gnugnutlsMatch2.6.1
OR
gnugnutlsMatch2.6.2
OR
gnugnutlsMatch2.6.3
OR
gnugnutlsMatch2.6.4
OR
gnugnutlsMatch2.6.5
OR
gnugnutlsMatch2.6.6
OR
gnugnutlsMatch2.8.0
OR
gnugnutlsMatch2.8.1
OR
gnugnutlsMatch2.8.2
OR
gnugnutlsMatch2.8.3
OR
gnugnutlsMatch2.8.4
OR
gnugnutlsMatch2.8.5
OR
gnugnutlsMatch2.8.6
OR
gnugnutlsMatch2.10.0
OR
gnugnutlsMatch2.10.1
OR
gnugnutlsMatch2.10.1-x86
OR
gnugnutlsMatch2.10.2
OR
gnugnutlsMatch2.10.2-x86
OR
gnugnutlsMatch2.10.3
OR
gnugnutlsMatch2.10.4
OR
gnugnutlsMatch2.10.5
OR
gnugnutlsMatch2.10.5-x86
OR
gnugnutlsMatch2.12.0
OR
gnugnutlsMatch2.12.1
OR
gnugnutlsMatch2.12.2
OR
gnugnutlsMatch2.12.3
OR
gnugnutlsMatch2.12.4
OR
gnugnutlsMatch2.12.5
OR
gnugnutlsMatch2.12.6
OR
gnugnutlsMatch2.12.6.1
OR
gnugnutlsMatch2.12.7
OR
gnugnutlsMatch2.12.8
OR
gnugnutlsMatch2.12.9
OR
gnugnutlsMatch2.12.10
OR
gnugnutlsMatch2.12.11
OR
gnugnutlsMatch2.12.12
OR
gnugnutlsMatch2.12.13
OR
gnugnutlsMatch2.12.14
OR
gnugnutlsMatch3.0.0
OR
gnugnutlsMatch3.0.1
OR
gnugnutlsMatch3.0.2
OR
gnugnutlsMatch3.0.3
OR
gnugnutlsMatch3.0.4
OR
gnugnutlsMatch3.0.5
OR
gnugnutlsMatch3.0.6
OR
gnugnutlsMatch3.0.7
OR
gnugnutlsMatch3.0.8
OR
gnugnutlsMatch3.0.9
VendorProductVersionCPE
gnugnutls2.8.2cpe:/a:gnu:gnutls:2.8.2:::
gnugnutls3.0.2cpe:/a:gnu:gnutls:3.0.2:::
gnugnutls3.0.9cpe:/a:gnu:gnutls:3.0.9:::
gnugnutls2.8.4cpe:/a:gnu:gnutls:2.8.4:::
gnugnutls2.10.2-x86cpe:/a:gnu:gnutls:2.10.2-x86:::
gnugnutls2.12.6.1cpe:/a:gnu:gnutls:2.12.6.1:::
gnugnutlscpe:/a:gnu:gnutls::::
gnugnutls2.4.1cpe:/a:gnu:gnutls:2.4.1:::
gnugnutls2.8.1cpe:/a:gnu:gnutls:2.8.1:::
gnugnutls2.10.5cpe:/a:gnu:gnutls:2.10.5:::
Rows per page:
1-10 of 561

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

8.4

Confidence

High

EPSS

0.005

Percentile

76.1%