Lucene search

K

Veracode Vulnerability DatabaseVERACODE:25007

HistoryApr 10, 2020 - 1:12 a.m.

Denial Of Service (DoS)

2020-04-1001:12:39

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

10

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

gnutls is vulnerable to denial of service. A flaw was found in the way libtasn1 decoded DER data. An attacker could create a carefully-crafted X.509 certificate that, when parsed by an application that uses GnuTLS, could cause the application to crash.

CPENameOperatorVersion
gnutlseq1.4.1__3.el5_3.5
gnutlseq1.4.1__3.el5_1
gnutlseq1.4.1__3.el5_4.8
gnutlseq1.4.1__3.el5_2.1
gnutlseq1.4.1__3.el5_3.5
gnutlseq1.4.1__3.el5_1
gnutlseq1.4.1__3.el5_4.8
gnutlseq1.4.1__3.el5_2.1

References

archives.neohapsis.com/archives/bugtraq/2012-03/0099.html

article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5932

article.gmane.org/gmane.comp.gnu.libtasn1.general/53

article.gmane.org/gmane.comp.gnu.libtasn1.general/54

blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/

linux.oracle.com/errata/ELSA-2014-0596.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/076856.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/076865.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/077284.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/077339.html

lists.fedoraproject.org/pipermail/package-announce/2012-April/078207.html

lists.fedoraproject.org/pipermail/package-announce/2012-March/076699.html

lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html

rhn.redhat.com/errata/RHSA-2012-0427.html

rhn.redhat.com/errata/RHSA-2012-0488.html

rhn.redhat.com/errata/RHSA-2012-0531.html

secunia.com/advisories/48397

secunia.com/advisories/48488

secunia.com/advisories/48505

secunia.com/advisories/48578

secunia.com/advisories/48596

secunia.com/advisories/49002

secunia.com/advisories/50739

secunia.com/advisories/57260

www.debian.org/security/2012/dsa-2440

www.gnu.org/software/gnutls/security.html

www.mandriva.com/security/advisories?name=MDVSA-2012:039

www.openwall.com/lists/oss-security/2012/03/20/3

www.openwall.com/lists/oss-security/2012/03/20/8

www.openwall.com/lists/oss-security/2012/03/21/5

www.securitytracker.com/id?1026829

www.ubuntu.com/usn/USN-1436-1

access.redhat.com/errata/RHSA-2012:0428

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=804920

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

Related for VERACODE:25007

checkpoint_advisories2 openvas48 fedora10 ubuntucve1 freebsd1 nessus28 cve1 altlinux1 securityvulns2 ubuntu1 redhat4 prion1 debian1 amazon1 centos2 gentoo1 oraclelinux3 slackware1 suse1 ibm1 vmware2