// For flags

CVE-2013-2116

gnutls: out of bounds read in _gnutls_ciphertext2compressed (GNUTLS-SA-2013-2)

Severity Score

5.0
*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The _gnutls_ciphertext2compressed function in lib/gnutls_cipher.c in GnuTLS 2.12.23 allows remote attackers to cause a denial of service (buffer over-read and crash) via a crafted padding length. NOTE: this might be due to an incorrect fix for CVE-2013-0169.

La función _gnutls_ciphertext2compressed en lib/gnutls_cipher.c en GnuTLS 2.12.23, permite a atacantes remotos provocar una denegación de servicio (sobrelectura y caída del búfer) a través de un tamaño manipulado. NOTA: esto podría deberse a una incorrecta corrección del CVE-2013-0169.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
None
Integrity
None
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-02-19 CVE Reserved
  • 2013-05-29 CVE Published
  • 2024-07-27 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-20: Improper Input Validation
  • CWE-125: Out-of-bounds Read
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Gnu
Search vendor "Gnu"
Gnutls
Search vendor "Gnu" for product "Gnutls"
2.12.23
Search vendor "Gnu" for product "Gnutls" and version "2.12.23"
-
Affected