CVE-2012-1573
gnutls26 - missing bounds check
EPSS 10.2%
Description
gnutls_cipher.c in libgnutls in GnuTLS before 2.12.17 and 3.x before 3.0.15 does not properly handle data encrypted with a block cipher, which allows remote attackers to cause a denial of service (heap memory corruption and application crash) via a crafted record, as demonstrated by a crafted GenericBlockCipher structure.
How to fix CVE-2012-1573
To remediate CVE-2012-1573, upgrade the affected package to one of the fixed versions listed below.
- Debian/gnutls26—upgrade to 2.8.6-1+squeeze2 or later
- Debian/gnutls28—upgrade to 3.0.17-2 or later
Is CVE-2012-1573 being exploited?
Moderate — EPSS is 10.2%. Track this CVE but it's not at the top of the prioritisation list.
Affected packages (2)
- Debian/gnutls26: from 0, < 2.8.6-1+squeeze2
- Debian/gnutls28: from 0, < 3.0.17-2