CVE-2012-1573 — Out-of-bounds Write in Gnutls

CWE-31010 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
9.6%
top 7.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
GNU Gnutls
Timeline
PublishedMar 26
Latest updateMay 14

Description

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

â–¶NVDgnu/gnutls2.12.16+91

🔴Vulnerability Details

3
GHSA
GHSA-h34x-7v7j-22v5: gnutls_cipher↗2022-05-14
â–¶
CVEList
CVE-2012-1573: gnutls_cipher↗2012-03-26
â–¶
OSV
CVE-2012-1573: gnutls_cipher↗2012-03-26
â–¶

📋Vendor Advisories

3
Ubuntu
GnuTLS vulnerabilities↗2012-04-05
â–¶
Red Hat
gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)↗2012-03-21
â–¶
Debian
CVE-2012-1573: gnutls28 - gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does...↗2012
â–¶

💬Community

3
Bugzilla
CVE-2012-1573 gnutls: TLS record handling issue (GNUTLS-SA-2012-2, MU-201202-01)↗2012-03-21
â–¶
Bugzilla
CVE-2012-1573 gnutls: TLS record handling issue [fedora-all]↗2012-03-21
â–¶
Bugzilla
CVE-2012-1573 mingw32-gnutls: TLS record handling issue [fedora-all]↗2012-03-21
â–¶
CVE-2012-1573 — Out-of-bounds Write in GNU Gnutls | cvebase