FKIE_CVE-2012-1573

Vulnerability from fkie_nvd - Published: 2012-03-26 19:55 - Updated: 2025-04-11 00:51
Severity ?
Summary
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
References
secalert@redhat.comhttp://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
secalert@redhat.comhttp://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910
secalert@redhat.comhttp://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912
secalert@redhat.comhttp://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/Exploit
secalert@redhat.comhttp://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d
secalert@redhat.comhttp://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html
secalert@redhat.comhttp://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html
secalert@redhat.comhttp://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
secalert@redhat.comhttp://osvdb.org/80259
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0429.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0488.html
secalert@redhat.comhttp://rhn.redhat.com/errata/RHSA-2012-0531.html
secalert@redhat.comhttp://secunia.com/advisories/48488
secalert@redhat.comhttp://secunia.com/advisories/48511
secalert@redhat.comhttp://secunia.com/advisories/48596
secalert@redhat.comhttp://secunia.com/advisories/48712
secalert@redhat.comhttp://secunia.com/advisories/57260
secalert@redhat.comhttp://www.debian.org/security/2012/dsa-2441
secalert@redhat.comhttp://www.gnu.org/software/gnutls/security.htmlVendor Advisory
secalert@redhat.comhttp://www.mandriva.com/security/advisories?name=MDVSA-2012:040
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/03/21/4
secalert@redhat.comhttp://www.openwall.com/lists/oss-security/2012/03/21/5
secalert@redhat.comhttp://www.securityfocus.com/bid/52667
secalert@redhat.comhttp://www.securitytracker.com/id?1026828
secalert@redhat.comhttp://www.ubuntu.com/usn/USN-1418-1
secalert@redhat.comhttps://bugzilla.redhat.com/show_bug.cgi?id=805432
af854a3a-2127-422b-91ae-364da2661108http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html
af854a3a-2127-422b-91ae-364da2661108http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910
af854a3a-2127-422b-91ae-364da2661108http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912
af854a3a-2127-422b-91ae-364da2661108http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/Exploit
af854a3a-2127-422b-91ae-364da2661108http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d
af854a3a-2127-422b-91ae-364da2661108http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html
af854a3a-2127-422b-91ae-364da2661108http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html
af854a3a-2127-422b-91ae-364da2661108http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
af854a3a-2127-422b-91ae-364da2661108http://osvdb.org/80259
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0429.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0488.html
af854a3a-2127-422b-91ae-364da2661108http://rhn.redhat.com/errata/RHSA-2012-0531.html
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48488
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48511
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48596
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/48712
af854a3a-2127-422b-91ae-364da2661108http://secunia.com/advisories/57260
af854a3a-2127-422b-91ae-364da2661108http://www.debian.org/security/2012/dsa-2441
af854a3a-2127-422b-91ae-364da2661108http://www.gnu.org/software/gnutls/security.htmlVendor Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.mandriva.com/security/advisories?name=MDVSA-2012:040
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/03/21/4
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2012/03/21/5
af854a3a-2127-422b-91ae-364da2661108http://www.securityfocus.com/bid/52667
af854a3a-2127-422b-91ae-364da2661108http://www.securitytracker.com/id?1026828
af854a3a-2127-422b-91ae-364da2661108http://www.ubuntu.com/usn/USN-1418-1
af854a3a-2127-422b-91ae-364da2661108https://bugzilla.redhat.com/show_bug.cgi?id=805432
Impacted products
Vendor Product Version
gnu gnutls *
gnu gnutls 2.0.0
gnu gnutls 2.0.1
gnu gnutls 2.0.2
gnu gnutls 2.0.3
gnu gnutls 2.0.4
gnu gnutls 2.1.0
gnu gnutls 2.1.1
gnu gnutls 2.1.2
gnu gnutls 2.1.3
gnu gnutls 2.1.4
gnu gnutls 2.1.5
gnu gnutls 2.1.6
gnu gnutls 2.1.7
gnu gnutls 2.1.8
gnu gnutls 2.2.0
gnu gnutls 2.2.1
gnu gnutls 2.2.2
gnu gnutls 2.2.3
gnu gnutls 2.2.4
gnu gnutls 2.2.5
gnu gnutls 2.3.0
gnu gnutls 2.3.1
gnu gnutls 2.3.2
gnu gnutls 2.3.3
gnu gnutls 2.3.4
gnu gnutls 2.3.5
gnu gnutls 2.3.6
gnu gnutls 2.3.7
gnu gnutls 2.3.8
gnu gnutls 2.3.9
gnu gnutls 2.3.10
gnu gnutls 2.3.11
gnu gnutls 2.4.0
gnu gnutls 2.4.1
gnu gnutls 2.4.2
gnu gnutls 2.4.3
gnu gnutls 2.5.0
gnu gnutls 2.6.0
gnu gnutls 2.6.1
gnu gnutls 2.6.2
gnu gnutls 2.6.3
gnu gnutls 2.6.4
gnu gnutls 2.6.5
gnu gnutls 2.6.6
gnu gnutls 2.7.4
gnu gnutls 2.8.0
gnu gnutls 2.8.1
gnu gnutls 2.8.2
gnu gnutls 2.8.3
gnu gnutls 2.8.4
gnu gnutls 2.8.5
gnu gnutls 2.8.6
gnu gnutls 2.10.0
gnu gnutls 2.10.1
gnu gnutls 2.10.2
gnu gnutls 2.10.3
gnu gnutls 2.10.4
gnu gnutls 2.10.5
gnu gnutls 2.12.0
gnu gnutls 2.12.1
gnu gnutls 2.12.2
gnu gnutls 2.12.3
gnu gnutls 2.12.4
gnu gnutls 2.12.5
gnu gnutls 2.12.6
gnu gnutls 2.12.6.1
gnu gnutls 2.12.7
gnu gnutls 2.12.8
gnu gnutls 2.12.9
gnu gnutls 2.12.10
gnu gnutls 2.12.11
gnu gnutls 2.12.12
gnu gnutls 2.12.13
gnu gnutls 2.12.14
gnu gnutls 2.12.15
gnu gnutls 3.0
gnu gnutls 3.0.0
gnu gnutls 3.0.1
gnu gnutls 3.0.2
gnu gnutls 3.0.3
gnu gnutls 3.0.4
gnu gnutls 3.0.5
gnu gnutls 3.0.6
gnu gnutls 3.0.7
gnu gnutls 3.0.8
gnu gnutls 3.0.9
gnu gnutls 3.0.10
gnu gnutls 3.0.11
gnu gnutls 3.0.12
gnu gnutls 3.0.13
gnu gnutls 3.0.14
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E74CD4C2-9970-4B33-9697-DD51275ADEEC",
              "versionEndIncluding": "2.12.16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "81C6C982-21D5-4FE3-A342-FC45BD78D2F1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A69E3A01-D8C6-4C36-8C4E-52B96541D5B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "F9D61596-01EB-4936-923B-63537625F926",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "599EB59C-7717-47A8-84C6-78B6D79AEB02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "4A6CBB77-818D-4DFF-9DD9-07EBF9933B06",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "26E9005E-5034-43F2-B96E-7829E19FE3A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "6FA854EA-29FE-4B91-AEA3-ED649D7FD25A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "4DC3A5EE-2892-4548-A0CB-D3289CD64D63",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "83F22BF4-A738-438B-8D0B-6993640F0D31",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D3193B7-8FB9-45E4-BFF6-891A3F14F021",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5AF269AE-121B-4982-A765-5C7E806FA9FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "A1C9F604-7FBE-4759-B039-8F5894574203",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "191821CD-E4CB-4269-B04C-284A9F9783B0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2A71474-958D-4689-A652-3E2A731F47FF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "38169043-17DF-4CF9-963A-8770B8882357",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D7E5D9C-0976-4C9A-9FEB-AB923845BAD6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C4537676-A72E-4433-B44F-3664EDD6F240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7CCCB66-C7CC-4E5C-8253-C29D57BE9B43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D090B10-68F2-424D-8234-2A280AA96B59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "23168B77-645D-4A2A-A6E3-7001104064A4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D085B16-3116-423F-BDE0-2D93E12650A8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C59247E9-CDAE-4269-A8E4-F49F617CDD23",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6019C0C-E9DD-4831-8E6A-785AE1A930FD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "16F9CF15-8789-49B6-BB6D-B784C8FF20ED",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A6DAE798-14C9-4CB6-A39F-69CDF9D8FBB0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "C51E0C88-B19C-408D-AC17-10CE7462D48A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7FBFAA-263C-4B7B-A135-9824DFD8CCDA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "2AC41482-B3BC-4C93-A850-73A179BAB763",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "ADC80BE1-28A6-4348-A061-8FD9C805E945",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "9D8EF703-AE06-4DD7-9235-2D8CCDB24F96",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A8AC314-065B-4BC3-A5EE-CA6D3006F9F5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.3.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "D8201FF6-53A8-4850-A2B2-47AA65B2CB75",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "AFB33002-E5C6-4573-BC94-647DDE4E6F89",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.4.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D7D245A-D983-40AD-89A7-0EA00D38D570",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.4.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "A7223691-225D-4649-B410-F41D2C489BA5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "F786B6F2-77FC-4DFE-A574-2C00EDC08CE0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA9E7F22-5BC4-4AD5-A630-25947CC1E5B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6B3DBF9-52EB-4741-85E4-E68645BD81E2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "350A6845-77D6-4D63-A13C-5DAB55F98727",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A456D12-C43A-47B0-AC0D-BF02AEBA0828",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "4D457688-987A-4059-AA58-D9BF19ABC48B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA20043D-EC85-4003-9E7B-27AB50F4E133",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "18A2C47E-510D-4537-8F51-3763A73E8E52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.6.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "4704D411-7B24-4B1F-9D40-A39A178FF873",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.7.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2B5E7C27-A5D9-4ABD-AFC5-5367083F387F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D3091701-9B7C-4494-A82E-6E6F64656D85",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "541BCA04-0500-4388-9140-55C17E17EB15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "E11431F6-8C9D-40E1-84F6-CD25147DB15E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "0DC3D824-585E-49F1-9E44-902F5C7D57D5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "2097221B-46C2-480C-8D79-54080186BB58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5CEC430-8CFF-4DC5-9B2B-338C401B1984",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.8.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "F2DAA60D-F9B4-4045-81C2-29AD913E7BF4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "547CC163-57F9-4418-BFB1-0E688DEEE0BB",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "3A274912-B16F-4B91-8CC0-E5CEED04B678",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FA84D0DE-B63F-41E4-AB04-70D2F5134D46",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "5552C7B3-5D56-4858-B138-F49CD1F90513",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9F7E11DD-6AFC-4271-92D5-FB41CA6E1B52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.10.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "BA23D0EC-6014-4303-962A-1936EFCE3D16",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0E6021A-40FC-457A-8AAA-0F7E7F9E6752",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "62E5D41F-1837-42C3-B99C-5A0A36013AC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "8BA54B99-2FF1-432F-9587-8F384323CADE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "39F59B50-BC97-43B3-BC15-C767F420291E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "37B25626-7C72-4BAE-85FF-415A5F376A00",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "31E092EF-D7F6-4160-B928-3C3EA1198B33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "52C9B2C9-60F6-4BA0-B1F6-5C697065D098",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.6.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "2F80978A-AAE2-4B69-B54E-C30B9D96C034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "8392ACC4-0325-464D-A39A-E9CDC5AADF1D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "185A2FAD-5541-4439-924B-406BD33E6FA1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "854F260C-4C7D-4855-8644-4B6DC7CD5657",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9943C65B-B896-4F7B-BE86-D6D13CF5C6E6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "07E877F8-3623-4295-816F-7EE4FFDE1599",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "EEBBF961-3DB5-4DBC-AB6F-D3180EA79E6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "86E711C7-37EE-4957-BD49-FA08103357BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "A964A74F-CC0E-4E2E-8DBB-858A66EA2566",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:2.12.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "5B36918C-BB8D-4B8E-8868-7726C5ADD4FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC43DD1B-D8F0-4CC6-A5A9-C0DCEB1A7131",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8150D656-9B13-49D0-9960-4C78E057AB26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9C048B6A-5AB2-4363-8FE1-88D3F627E1BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "ABA62CAC-C88C-44E5-A611-366F9AD5FB11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "B53405BD-AC8E-4106-9D21-BCD5815E7ECA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0161F845-C5F4-4318-949A-499A4062FB78",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "DBCACBF9-CE33-4F10-8CFC-84F24CC33476",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "C42F577F-264C-4F8F-955A-67743965AB8C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "9000897D-502D-46E3-95A0-FBCEBB0ED5C1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E53BBB9E-3A38-478E-BE88-E5C83E0C9ED8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1B8EDFF-5683-4171-BA76-9B26CAE19FB1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "022F28CD-4D6B-48AB-8E39-244E19D34F67",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "16B5986E-1029-4D40-8012-1FF1615C929A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "45439989-0D3B-4DCE-AB35-B63B1543CD59",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBCD4F3C-8BD4-4367-B00C-A1379C158625",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:gnu:gnutls:3.0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "12F2CFB7-5ACF-4328-B0F8-C3A981CAA368",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure."
    },
    {
      "lang": "es",
      "value": "gnutls_cipher.c en libgnutls en GnuTLS antes de v2.12.17 y v3.x antes de v3.0.15 no maneja adecuadamente los datos cifrados con un cifrado de bloques, lo que permite provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de la pila de memoria y ca\u00edda de la aplicaci\u00f3n) a atacantes remotos a trav\u00e9s de un registro hecho a mano, como se demuestra por una estructura GenericBlockCipher especificamente creada para este fin."
    }
  ],
  "id": "CVE-2012-1573",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2012-03-26T19:55:01.390",
  "references": [
    {
      "source": "secalert@redhat.com",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Exploit"
      ],
      "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://osvdb.org/80259"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48488"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48511"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48596"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/48712"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://secunia.com/advisories/57260"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.debian.org/security/2012/dsa-2441"
    },
    {
      "source": "secalert@redhat.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.gnu.org/software/gnutls/security.html"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/21/4"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securityfocus.com/bid/52667"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.securitytracker.com/id?1026828"
    },
    {
      "source": "secalert@redhat.com",
      "url": "http://www.ubuntu.com/usn/USN-1418-1"
    },
    {
      "source": "secalert@redhat.com",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=805432"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=422214868061370aeeb0ac9cd0f021a5c350a57d"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://git.savannah.gnu.org/gitweb/?p=gnutls.git%3Ba=commit%3Bh=b495740f2ff66550ca9395b3fda3ea32c3acb185"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://osvdb.org/80259"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0429.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0488.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://rhn.redhat.com/errata/RHSA-2012-0531.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48488"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48511"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48596"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/48712"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/57260"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.debian.org/security/2012/dsa-2441"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.gnu.org/software/gnutls/security.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2012:040"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/21/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2012/03/21/5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/52667"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1026828"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.ubuntu.com/usn/USN-1418-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://bugzilla.redhat.com/show_bug.cgi?id=805432"
    }
  ],
  "sourceIdentifier": "secalert@redhat.com",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-310"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.