CVSS: 5.9EPSS: 0%CPEs: 56EXPL: 0CVE-2012-0390
https://notcve.org/view.php?id=CVE-2012-0390
06 Jan 2012 — The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it easier for remote attackers to recover partial plaintext via a timing side-channel attack, a related issue to CVE-2011-4108. La implementación DTLS en GnuTLS v3.0.10 y anteriores ejecuta codigo de gestion de errores sólo si existe una relación específica entre la longitud de relleno y el tamaño del texto cifrado, l... • http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html • CWE-310: Cryptographic Issues •
CVSS: 9.8EPSS: 1%CPEs: 22EXPL: 0CVE-2011-4128 – gnutls: buffer overflow in gnutls_session_get_data() (GNUTLS-SA-2011-2)
https://notcve.org/view.php?id=CVE-2011-4128
08 Dec 2011 — Buffer overflow in the gnutls_session_get_data function in lib/gnutls_session.c in GnuTLS 2.12.x before 2.12.14 and 3.x before 3.0.7, when used on a client that performs nonstandard session resumption, allows remote TLS servers to cause a denial of service (application crash) via a large SessionTicket. Desbordamiento de búfer en la función gnutls_session_get_data en lib/gnutls_session.c en GnuTLS v2.12.x antes de v2.12.14 y v3.x antes de v3.0.7, cuando se utiliza en un cliente que realiza la reanudación de ... • http://article.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/5596 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •