FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-1573

This CVE name corresponds to:

Entered: 2012-03-21
Topic: gnutls -- possible overflow/Denial of service vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2012-1573
Phase: Assigned (20120312)

Description

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.

References

Source Reference
BUGTRAQ 20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1
MLIST [gnutls-devel] 20120302 gnutls 2.12.16
MLIST [gnutls-devel] 20120302 gnutls 3.0.15
MLIST [oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01
MLIST [oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01
MISC http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns/
CONFIRM http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d
CONFIRM http://git.savannah.gnu.org/gitweb/?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185
CONFIRM http://www.gnu.org/software/gnutls/security.html
CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=805432
REDHAT RHSA-2012:0429
REDHAT RHSA-2012:0488
REDHAT RHSA-2012:0531
SUSE SUSE-SU-2014:0320
UBUNTU USN-1418-1
OSVDB 80259
SECTRACK 1026828
SECUNIA 48596
SECUNIA 48488
SECUNIA 48712
SECUNIA 57260