csync2 does not securely validate a logic path within the application. The return value GNUTLS_E_WARNING_ALERT_RECEIVED
of the gnutls_handshake()
function is not properly validated as required by design of the API and would lead to unintended logic execution.
CPE | Name | Operator | Version |
---|---|---|---|
csync2:stretch | eq | 2.0-8-g175a01c-4+deb9u1 | |
csync2:edge | eq | 2.0-r2 | |
csync2:3.14 | eq | 2.0-r2 |