4.3 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:M/Au:N/C:P/I:N/A:N
0.005 Low
EPSS
Percentile
76.2%
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain
error-handling code only if there is a specific relationship between a
padding length and the ciphertext size, which makes it easier for remote
attackers to recover partial plaintext via a timing side-channel attack, a
related issue to CVE-2011-4108.
Author | Note |
---|---|
tyhicks | DTLS support was not implemented until gnutls-2.99.0 |