Lucene search

K
ubuntucveUbuntu.comUB:CVE-2013-2116
HistoryMay 29, 2013 - 12:00 a.m.

CVE-2013-2116

2013-05-2900:00:00
ubuntu.com
ubuntu.com
10

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.862 High

EPSS

Percentile

98.5%

The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS
2.12.23 allows remote attackers to cause a denial of service (buffer
over-read and crash) via a crafted padding length. NOTE: this might be due
to an incorrect fix for CVE-2013-0169.

Notes

Author Note
mdeslaur introduced by Lucky 13 fix, only on 2.x
OSVersionArchitecturePackageVersionFilename
ubuntu14.04noarchgnutls26< 2.12.23-1ubuntu2UNKNOWN
ubuntu10.04noarchgnutls26< 2.8.5-2ubuntu0.4UNKNOWN
ubuntu12.04noarchgnutls26< 2.12.14-5ubuntu3.4UNKNOWN
ubuntu12.10noarchgnutls26< 2.12.14-5ubuntu4.3UNKNOWN
ubuntu13.04noarchgnutls26< 2.12.23-1ubuntu1.1UNKNOWN
ubuntu13.10noarchgnutls26< 2.12.23-1ubuntu2UNKNOWN

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.862 High

EPSS

Percentile

98.5%