CVE-2012-1573

Published: 26 March 2012

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.

Priority

Medium

Status

Package Release Status
gnutls13
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Does not exist

Patches:
Upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d
gnutls26
Upstream Released (2.12.18)
Ubuntu 16.04 ESM (Xenial Xerus) Does not exist

Ubuntu 14.04 ESM (Trusty Tahr) Released (2.12.14-5ubuntu3)
Patches:
Upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d
Vendor: http://www.debian.org/security/2012/dsa-2441
gnutls28
Upstream Released (3.0.15)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable (3.0.21-1ubuntu1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist (trusty was not-affected [3.0.21-1ubuntu1])
Patches:
Upstream: http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185