CVE-2012-0390
published 2012-01-06CVE-2012-0390: The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and…
medium4.3CVSS 3.1
AVNACMAuNCPINAN
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108.
Affected
57 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gnutls28 | < gnutls28 3.0.11-1 (bookworm) | gnutls28 3.0.11-1 (bookworm) |
| gnu | gnutls | <= 3.0.10 | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
| gnu | gnutls | — | — |
CVSS provenance
nvd4.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
osv4.3MEDIUM