Severity
5.0 MEDIUM
EPSS
8.7%
top 7.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jul 3
Latest update: May 17

Description

The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.

CVSS vector

AV:N/AC:L/C:N/I:N/A:P
Exploitability: 10.0 | Impact: 2.9

Affected Packages (1 package)

NVD: gnu/gnutls 2.12.23

🔴Vulnerability Details

2
GHSA
GHSA-2vj6-mvxm-4f5f: The _gnutls_ciphertext2compressed function in lib/gnutls_cipher (2022-05-17)
CVEList
CVE-2013-2116: The _gnutls_ciphertext2compressed function in lib/gnutls_cipher (2013-07-03)

📋Vendor Advisories

2
Red Hat
gnutls: out of bounds read in _gnutls_ciphertext2compressed (GNUTLS-SA-2013-2) (2013-05-29)
Ubuntu
GnuTLS vulnerability (2013-05-29)

💬Community

3
Bugzilla
CVE-2013-2116 mingw-gnutls: out of bounds read in _gnutls_ciphertext2compressed [fedora-all] (2013-05-29)
Bugzilla
CVE-2013-2116 gnutls: out of bounds read in _gnutls_ciphertext2compressed [fedora-all] (2013-05-29)
Bugzilla
CVE-2013-2116 gnutls: out of bounds read in _gnutls_ciphertext2compressed (GNUTLS-SA-2013-2) (2013-05-23)