5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
0.956 High
EPSS
Percentile
99.4%
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15
does not properly handle data encrypted with a block cipher, which allows
remote attackers to cause a denial of service (heap memory corruption and
application crash) via a crafted record, as demonstrated by a crafted
GenericBlockCipher structure.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 8.04 | noarch | gnutls13 | < 2.0.4-1ubuntu2.7 | UNKNOWN |
ubuntu | 10.04 | noarch | gnutls26 | < 2.8.5-2ubuntu0.1 | UNKNOWN |
ubuntu | 10.10 | noarch | gnutls26 | < 2.8.6-1ubuntu0.1 | UNKNOWN |
ubuntu | 11.04 | noarch | gnutls26 | < 2.8.6-1ubuntu2.1 | UNKNOWN |
ubuntu | 11.10 | noarch | gnutls26 | < 2.10.5-1ubuntu3.1 | UNKNOWN |
ubuntu | 12.04 | noarch | gnutls26 | < 2.12.14-5ubuntu3 | UNKNOWN |
ubuntu | 12.10 | noarch | gnutls26 | < 2.12.14-5ubuntu3 | UNKNOWN |
ubuntu | 13.04 | noarch | gnutls26 | < 2.12.14-5ubuntu3 | UNKNOWN |
ubuntu | 13.10 | noarch | gnutls26 | < 2.12.14-5ubuntu3 | UNKNOWN |
ubuntu | 14.04 | noarch | gnutls26 | < 2.12.14-5ubuntu3 | UNKNOWN |
article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5959
www.gnu.org/software/gnutls/security.html
www.openwall.com/lists/oss-security/2012/03/21/5
launchpad.net/bugs/cve/CVE-2012-1573
nvd.nist.gov/vuln/detail/CVE-2012-1573
security-tracker.debian.org/tracker/CVE-2012-1573
ubuntu.com/security/notices/USN-1418-1
www.cve.org/CVERecord?id=CVE-2012-1573