CVE-2013-2116
Published: 29 May 2013
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.
Notes
| Author | Note |
|---|---|
| mdeslaur | introduced by Lucky 13 fix, only on 2.x |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
gnutls26 Launchpad, Ubuntu, Debian |
lucid |
Released
(2.8.5-2ubuntu0.4)
|
| precise |
Released
(2.12.14-5ubuntu3.4)
|
|
| quantal |
Released
(2.12.14-5ubuntu4.3)
|
|
| raring |
Released
(2.12.23-1ubuntu1.1)
|
|
| saucy |
Released
(2.12.23-1ubuntu2)
|
|
| trusty |
Released
(2.12.23-1ubuntu2)
|
|
| upstream |
Needs triage
|
|
|
Patches: upstream: https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d |
||
|
gnutls28 Launchpad, Ubuntu, Debian |
lucid |
Does not exist
|
| precise |
Not vulnerable
|
|
| quantal |
Not vulnerable
|
|
| raring |
Ignored
(end of life)
|
|
| saucy |
Not vulnerable
|
|
| trusty |
Does not exist
(trusty was not-affected)
|
|
| upstream |
Not vulnerable
|
|