5

CVE-2013-2116

The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length.  NOTE: this might be due to an incorrect fix for CVE-2013-0169.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GnuGnutls Version2.12.23
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.76% 0.885
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
http://secunia.com/advisories/57260
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
http://secunia.com/advisories/57274
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html
http://rhn.redhat.com/errata/RHSA-2013-0883.html
http://secunia.com/advisories/53911
Vendor Advisory
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754
http://www.debian.org/security/2013/dsa-2697
http://www.gnutls.org/security.html#GNUTLS-SA-2013-2
http://www.mandriva.com/security/advisories?name=MDVSA-2013:171
http://www.securitytracker.com/id/1028603
http://www.ubuntu.com/usn/USN-1843-1
https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d