CVE-2013-2116

gnutls: out of bounds read in _gnutls_ciphertext2compressed (GNUTLS-SA-2013-2)

Severity Score

7.4

*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.

La función _gnutls_ciphertext2compressed en lib/gnutls_cipher.c en GnuTLS 2.12.23, permite a atacantes remotos provocar una denegación de servicio (sobrelectura y caída del búfer) a través de un tamaño manipulado. NOTA: esto podría deberse a una incorrecta corrección del CVE-2013-0169.

The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. It was discovered that the fix for the CVE-2013-1619 issue released via RHSA-2013:0636 introduced a regression in the way GnuTLS decrypted TLS/SSL encrypted records when CBC-mode cipher suites were used. A remote attacker could possibly use this flaw to crash a server or client application that uses GnuTLS.

*Credits: N/A

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-02-19 CVE Reserved
2013-05-29 CVE Published
2024-08-06 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-20: Improper Input Validation
CWE-125: Out-of-bounds Read

CAPEC

References (17)

URL	Tag	Source
http://secunia.com/advisories/57260	Third Party Advisory
http://secunia.com/advisories/57274	Third Party Advisory
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6753	X_refsource_misc
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/6754	X_refsource_confirm
http://www.gnutls.org/security.html#GNUTLS-SA-2013-2	X_refsource_confirm
http://www.securitytracker.com/id/1028603	Vdb Entry
https://gitorious.org/gnutls/gnutls/commit/5164d5a1d57cd0372a5dd074382ca960ca18b27d	X_refsource_confirm

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2013-06/msg00019.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00001.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00003.html	2023-11-07
http://rhn.redhat.com/errata/RHSA-2013-0883.html	2023-11-07
http://secunia.com/advisories/53911	2023-11-07
http://www.debian.org/security/2013/dsa-2697	2023-11-07
http://www.mandriva.com/security/advisories?name=MDVSA-2013:171	2023-11-07
http://www.ubuntu.com/usn/USN-1843-1	2023-11-07
https://access.redhat.com/security/cve/CVE-2013-2116	2013-07-16
https://bugzilla.redhat.com/show_bug.cgi?id=966754	2013-07-16

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gnu Search vendor "Gnu"		Gnutls Search vendor "Gnu" for product "Gnutls"				2.12.23 Search vendor "Gnu" for product "Gnutls" and version "2.12.23"		-		Affected