CVE-2013-2116

The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html
http://rhn.redhat.com/errata/RHSA-2013-0883.html
http://secunia.com/advisories/53911	Vendor Advisory
http://secunia.com/advisories/57260
http://secunia.com/advisories/57274
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754
http://www.debian.org/security/2013/dsa-2697
http://www.gnutls.org/security.html#GNUTLS-SA-2013-2
http://www.mandriva.com/security/advisories?name=MDVSA-2013:171
http://www.securitytracker.com/id/1028603
http://www.ubuntu.com/usn/USN-1843-1
https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d

Configurations

Configuration 1 (hide)

cpe:2.3:a:gnu:gnutls:2.12.23:*:*:*:*:*:*:*

History

07 Nov 2023, 02:14

Type	Values Removed	Values Added
Summary	The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.	The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.

13 Feb 2023, 00:28

Type	Values Removed	Values Added
Summary	~~CVE-2013-2116 gnutls: out of bounds read in _gnutls_ciphertext2compressed (GNUTLS-SA-2013-2)~~	The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.
References	~~{'url': 'https://access.redhat.com/errata/RHSA-2013:0883', 'name': 'https://access.redhat.com/errata/RHSA-2013:0883', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://bugzilla.redhat.com/show_bug.cgi?id=966754', 'name': 'https://bugzilla.redhat.com/show_bug.cgi?id=966754', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/security/cve/CVE-2013-2116', 'name': 'https://access.redhat.com/security/cve/CVE-2013-2116', 'tags': [], 'refsource': 'MISC'}~~ ~~{'url': 'https://access.redhat.com/errata/RHSA-2013:1076', 'name': 'https://access.redhat.com/errata/RHSA-2013:1076', 'tags': [], 'refsource': 'MISC'}~~

02 Feb 2023, 18:17

Type	Values Removed	Values Added
References		(MISC) https://access.redhat.com/errata/RHSA-2013:0883 - (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=966754 - (MISC) https://access.redhat.com/security/cve/CVE-2013-2116 - (MISC) https://access.redhat.com/errata/RHSA-2013:1076 -
Summary	The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.	CVE-2013-2116 gnutls: out of bounds read in _gnutls_ciphertext2compressed (GNUTLS-SA-2013-2)

Information

Published : 2013-07-03 18:55

Updated : 2023-12-10 11:16

NVD link : CVE-2013-2116

Mitre link : CVE-2013-2116

CVE.ORG link : CVE-2013-2116

JSON object : View

Products Affected

gnu

gnutls

CWE

CWE-20

Improper Input Validation

5.0 /10