CVE-2012-0390: Gnutls vulnerability

7 documents, 7 sources

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.3% (top 50.41%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline
Published: Jan 6
Latest update: May 4

Description

The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.

CVSS vector

AV:N/AC:M/C:P/I:N/A:N
Exploitability: 8.6 | Impact: 2.9

Affected Packages (1 package)

NVD: gnu/gnutls 3.0.10 (+55)

🔴 Vulnerability Details (3)

GHSA: GHSA-8w6j-wjpg-446m: The DTLS implementation in GnuTLS 3 (2022-05-04)
OSV: CVE-2012-0390: The DTLS implementation in GnuTLS 3 (2012-01-06)
CVEList: CVE-2012-0390: The DTLS implementation in GnuTLS 3 (2012-01-06)

📋 Vendor Advisories (2)

Red Hat: gnutls: DTLS plaintext recovery attack (2012-01-05)
Debian: CVE-2012-0390: gnutls28 - The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-hand... (2012)

💬 Community (1)

Bugzilla: CVE-2012-0390 gnutls: DTLS plaintext recovery attack (2012-01-06)