Lucene search

K
nvd[email protected]NVD:CVE-2012-0390
HistoryJan 06, 2012 - 1:55 a.m.

CVE-2012-0390

2012-01-0601:55:01
CWE-310
web.nvd.nist.gov
1

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

9.1

Confidence

High

EPSS

0.005

Percentile

76.1%

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.

Affected configurations

NVD
Node
gnugnutlsRange3.0.10
OR
gnugnutlsMatch2.2.4
OR
gnugnutlsMatch2.2.5
OR
gnugnutlsMatch2.4.0
OR
gnugnutlsMatch2.4.1
OR
gnugnutlsMatch2.4.2
OR
gnugnutlsMatch2.4.3
OR
gnugnutlsMatch2.6.0
OR
gnugnutlsMatch2.6.1
OR
gnugnutlsMatch2.6.2
OR
gnugnutlsMatch2.6.3
OR
gnugnutlsMatch2.6.4
OR
gnugnutlsMatch2.6.5
OR
gnugnutlsMatch2.6.6
OR
gnugnutlsMatch2.8.0
OR
gnugnutlsMatch2.8.1
OR
gnugnutlsMatch2.8.2
OR
gnugnutlsMatch2.8.3
OR
gnugnutlsMatch2.8.4
OR
gnugnutlsMatch2.8.5
OR
gnugnutlsMatch2.8.6
OR
gnugnutlsMatch2.10.0
OR
gnugnutlsMatch2.10.1
OR
gnugnutlsMatch2.10.1-x86
OR
gnugnutlsMatch2.10.2
OR
gnugnutlsMatch2.10.2-x86
OR
gnugnutlsMatch2.10.3
OR
gnugnutlsMatch2.10.4
OR
gnugnutlsMatch2.10.5
OR
gnugnutlsMatch2.10.5-x86
OR
gnugnutlsMatch2.12.0
OR
gnugnutlsMatch2.12.1
OR
gnugnutlsMatch2.12.2
OR
gnugnutlsMatch2.12.3
OR
gnugnutlsMatch2.12.4
OR
gnugnutlsMatch2.12.5
OR
gnugnutlsMatch2.12.6
OR
gnugnutlsMatch2.12.6.1
OR
gnugnutlsMatch2.12.7
OR
gnugnutlsMatch2.12.8
OR
gnugnutlsMatch2.12.9
OR
gnugnutlsMatch2.12.10
OR
gnugnutlsMatch2.12.11
OR
gnugnutlsMatch2.12.12
OR
gnugnutlsMatch2.12.13
OR
gnugnutlsMatch2.12.14
OR
gnugnutlsMatch3.0.0
OR
gnugnutlsMatch3.0.1
OR
gnugnutlsMatch3.0.2
OR
gnugnutlsMatch3.0.3
OR
gnugnutlsMatch3.0.4
OR
gnugnutlsMatch3.0.5
OR
gnugnutlsMatch3.0.6
OR
gnugnutlsMatch3.0.7
OR
gnugnutlsMatch3.0.8
OR
gnugnutlsMatch3.0.9

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:N/C:P/I:N/A:N

AI Score

9.1

Confidence

High

EPSS

0.005

Percentile

76.1%