V-167: GnuTLS TLS Record Decoding Denial of Service Vulnerability

May 30, 2013 - 6:00am

PROBLEM:

A vulnerability has been reported in GnuTLS.

PLATFORM:

GnuTLS 2.x

ABSTRACT:

A vulnerability has been reported in GnuTLS, which can be exploited by malicious people to cause a DoS (Denial of Service).

REFERENCE LINKS:

Secunia Advisory SA53600
GnuTLS Library GNUTLS-SA-2013-2
CVE-2013-2116

IMPACT ASSESSMENT:

Medium

DISCUSSION:

The vulnerability is caused by an out-of-bounds read error within the "_gnutls_ciphertext2compressed()" function in lib/gnutls_cipher.c and can be exploited to crash the application using the library.

IMPACT:

Possible DoS

SOLUTION:

The vendor recommends applying the patch or upgrading to version 3.x.
