Attacker Value
Unknown
(0 users assessed)
Exploitability
Unknown
(0 users assessed)
User Interaction
Unknown
Privileges Required
Unknown
Attack Vector
Unknown
0

CVE-2012-1573

Disclosure Date: March 26, 2012
CVE-2012-1573
Add MITRE ATT&CK tactics and techniques that apply to this CVE.

Description

gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics
Base Score:
None
Impact Score:
Unknown
Exploitability Score:
Unknown
Vector:
Unknown
Attack Vector (AV):
Unknown
Attack Complexity (AC):
Unknown
Privileges Required (PR):
Unknown
User Interaction (UI):
Unknown
Scope (S):
Unknown
Confidentiality (C):
Unknown
Integrity (I):
Unknown
Availability (A):
Unknown

General Information

Offensive Application
Unknown
Utility Class
Unknown
Ports
Unknown
OS
Unknown
Vulnerable Versions
n/a
Prerequisites
Unknown
Discovered By
Unknown
PoC Author
Unknown
Metasploit Module
Unknown
Reporter
Unknown

References

Canonical
CVE-2012-1573 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1573)
BID-52667 (http://www.securityfocus.com/bid/52667)
Advisory
USN-1418-1 (http://www.ubuntu.com/usn/USN-1418-1)
SECUNIA-57260 (http://secunia.com/advisories/57260)
http://rhn.redhat.com/errata/RHSA-2012-0531.html
[gnutls-devel] 20120302 gnutls 3.0.15 (http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5912)
http://git.savannah.gnu.org/gitweb?p=gnutls.git;a=commit;h=b495740f2ff66550ca9395b3fda3ea32c3acb185
https://bugzilla.redhat.com/show_bug.cgi?id=805432
SECUNIA-48511 (http://secunia.com/advisories/48511)
OSVDB-80259 (http://osvdb.org/80259)
[oss-security] 20120321 Re: CVE request: GnuTLS TLS record handling issue / MU-201202-01 (http://www.openwall.com/lists/oss-security/2012/03/21/5)
SECUNIA-48488 (http://secunia.com/advisories/48488)
SECUNIA-48712 (http://secunia.com/advisories/48712)
http://www.gnu.org/software/gnutls/security.html
SECTRACK-1026828 (http://www.securitytracker.com/id?1026828)
FEDORA-2012-4569 (http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077071.html)
FEDORA-2012-4578 (http://lists.fedoraproject.org/pipermail/package-announce/2012-March/076496.html)
http://rhn.redhat.com/errata/RHSA-2012-0488.html
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html
SECUNIA-48596 (http://secunia.com/advisories/48596)
http://git.savannah.gnu.org/gitweb?p=gnutls.git;a=commit;h=422214868061370aeeb0ac9cd0f021a5c350a57d
[oss-security] 20120321 CVE request: GnuTLS TLS record handling issue / MU-201202-01 (http://www.openwall.com/lists/oss-security/2012/03/21/4)
[gnutls-devel] 20120302 gnutls 2.12.16 (http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5910)
DSA-2441 (http://www.debian.org/security/2012/dsa-2441)
http://www.mandriva.com/security/advisories?name=MDVSA-2012:040
http://rhn.redhat.com/errata/RHSA-2012-0429.html
20120320 Mu Dynamics, Inc. Security Advisories MU-201202-01 and MU-201202-02 for GnuTLS and Libtasn1 (http://archives.neohapsis.com/archives/bugtraq/2012-03/0099.html)
Miscellaneous
http://blog.mudynamics.com/2012/03/20/gnutls-and-libtasn1-vulns

Additional Info

Authenticated
Unknown
Exploitable
Unknown
Reliability
Unknown
Stability
Unknown
Available Mitigations
Unknown
Shelf Life
Unknown
Userbase/Installbase
Unknown
Patch Effectiveness
Unknown
Technical Analysis