UbuntuUSN-126-1GNU TLS library vulnerability
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.3 Medium
AI Score
Confidence
Low
0.027 Low
EPSS
Percentile
90.5%
Releases
- Ubuntu 5.04
- Ubuntu 4.10
Details
A Denial of Service vulnerability was discovered in the GNU TLS
library, which provides common cryptographic algorithms and is used by
many applications in Ubuntu. Due to a missing consistency check of the
padding length field, specially crafted ciphertext blocks caused an
out of bounds memory access which could crash the application. It was
not possible to exploit this to execute any attacker specified code.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Ubuntu | 5.04 | noarch | libgnutls10 | < * | UNKNOWN |
| Ubuntu | 5.04 | noarch | libgnutls11 | < * | UNKNOWN |
| Ubuntu | 5.04 | noarch | libgnutls11-dbg | < * | UNKNOWN |
| Ubuntu | 4.10 | noarch | libgnutls10 | < * | UNKNOWN |
| Ubuntu | 4.10 | noarch | libgnutls11 | < * | UNKNOWN |
| Ubuntu | 4.10 | noarch | libgnutls11-dbg | < * | UNKNOWN |
References
Related
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.3 Medium
AI Score
Confidence
Low
0.027 Low
EPSS
Percentile
90.5%