Lucene search

K

Veracode Vulnerability DatabaseVERACODE:25006

HistoryApr 10, 2020 - 1:12 a.m.

Denial Of Service (DoS)

2020-04-1001:12:38

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

17

0.003 Low

EPSS

Percentile

70.3%

gnutls is vulnerable to denial of service. A boundary error was found in the gnutls_session_get_data() function. A malicious TLS/SSL server could use this flaw to crash a TLS/SSL client or, possibly, execute arbitrary code as the client, if the client passed a fixed-sized buffer to gnutls_session_get_data() before checking the real size of the session data provided by the server.

CPENameOperatorVersion
gnutlseq1.4.1__3.el5_1
gnutlseq1.4.1__3.el5_3.5
gnutlseq1.4.1__3.el5_4.8
gnutlseq1.4.1__3.el5_2.1
gnutlseq1.4.1__3.el5_1
gnutlseq1.4.1__3.el5_3.5
gnutlseq1.4.1__3.el5_4.8
gnutlseq1.4.1__3.el5_2.1

References

article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596

git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=190cef6eed37d0e73a73c1e205eb31d45ab60a3c

git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commitdiff;h=e82ef4545e9e98cbcb032f55d7c750b81e3a0450

lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html

openwall.com/lists/oss-security/2011/11/09/2

openwall.com/lists/oss-security/2011/11/09/4

rhn.redhat.com/errata/RHSA-2012-0429.html

rhn.redhat.com/errata/RHSA-2012-0488.html

rhn.redhat.com/errata/RHSA-2012-0531.html

secunia.com/advisories/48596

secunia.com/advisories/48712

www.gnu.org/software/gnutls/security.html

www.mandriva.com/security/advisories?name=MDVSA-2012:045

www.ubuntu.com/usn/USN-1418-1

access.redhat.com/errata/RHSA-2012:0428

access.redhat.com/security/updates/classification/#important

bugzilla.redhat.com/show_bug.cgi?id=752308

0.003 Low

EPSS

Percentile

70.3%

Related for VERACODE:25006

prion1 nessus23 ubuntucve1 securityvulns1 openvas25 cve1 nvd1 cvelist1 freebsd1 fedora2 oraclelinux2 redhat4 ubuntu1 amazon1 centos2 gentoo1 slackware1 vmware2