GnuTLS vulnerability

2014-11-1100:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

AI Score

7.2

Confidence

Low

EPSS

0.01

Percentile

83.6%

JSON

Releases

Ubuntu 14.10

Packages

gnutls28 - GNU TLS library - commandline utilities

Details

Sean Burford discovered that GnuTLS incorrectly handled printing certain
elliptic curve parameters. A malicious remote server or client could use
this issue to cause GnuTLS to crash, resulting in a denial of service, or
possibly execute arbitrary code.

OSVersionArchitecturePackageVersionFilename
Ubuntu14.10noarchgnutls-bin< 3.2.16-1ubuntu2.1UNKNOWN
Ubuntu14.10noarchguile-gnutls< 3.2.16-1ubuntu2.1UNKNOWN
Ubuntu14.10noarchlibgnutls-deb0-28< 3.2.16-1ubuntu2.1UNKNOWN
Ubuntu14.10noarchlibgnutls-dev< 3.2.16-1ubuntu2.1UNKNOWN
Ubuntu14.10noarchlibgnutls-openssl27< 3.2.16-1ubuntu2.1UNKNOWN
Ubuntu14.10noarchlibgnutls28-dbg< 3.2.16-1ubuntu2.1UNKNOWN
Ubuntu14.10noarchlibgnutls28-dev< 3.2.16-1ubuntu2.1UNKNOWN
Ubuntu14.10noarchlibgnutlsxx28< 3.2.16-1ubuntu2.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Ubuntu	14.10	noarch	gnutls-bin	< 3.2.16-1ubuntu2.1	UNKNOWN
Ubuntu	14.10	noarch	guile-gnutls	< 3.2.16-1ubuntu2.1	UNKNOWN
Ubuntu	14.10	noarch	libgnutls-deb0-28	< 3.2.16-1ubuntu2.1	UNKNOWN
Ubuntu	14.10	noarch	libgnutls-dev	< 3.2.16-1ubuntu2.1	UNKNOWN
Ubuntu	14.10	noarch	libgnutls-openssl27	< 3.2.16-1ubuntu2.1	UNKNOWN
Ubuntu	14.10	noarch	libgnutls28-dbg	< 3.2.16-1ubuntu2.1	UNKNOWN
Ubuntu	14.10	noarch	libgnutls28-dev	< 3.2.16-1ubuntu2.1	UNKNOWN
Ubuntu	14.10	noarch	libgnutlsxx28	< 3.2.16-1ubuntu2.1	UNKNOWN