CVE-2013-2116
Published: 29 May 2013
The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.
Notes
Author | Note |
---|---|
mdeslaur | introduced by Lucky 13 fix, only on 2.x |
Priority
Status
Package | Release | Status |
---|---|---|
gnutls26 | lucid | Released (2.8.5-2ubuntu0.4) |
gnutls26 | precise | Released (2.12.14-5ubuntu3.4) |
gnutls26 | quantal | Released (2.12.14-5ubuntu4.3) |
gnutls26 | raring | Released (2.12.23-1ubuntu1.1) |
gnutls26 | saucy | Released (2.12.23-1ubuntu2) |
gnutls26 | trusty | Released (2.12.23-1ubuntu2) |
gnutls26 | upstream | Needs triage |
gnutls28 | lucid | Does not exist |
gnutls28 | precise | Not vulnerable |
gnutls28 | quantal | Not vulnerable |
gnutls28 | raring | Ignored (end of life) |
gnutls28 | saucy | Not vulnerable |
gnutls28 | trusty | Does not exist (trusty was not-affected) |
gnutls28 | upstream | Not vulnerable |

Patches (gnutls26): upstream: https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d